xref: /freebsd/contrib/unbound/services/authzone.c (revision cfd6422a5217410fbd66f7a7a8a64d9d85e61229)
1 /*
2  * services/authzone.c - authoritative zone that is locally hosted.
3  *
4  * Copyright (c) 2017, NLnet Labs. All rights reserved.
5  *
6  * This software is open source.
7  *
8  * Redistribution and use in source and binary forms, with or without
9  * modification, are permitted provided that the following conditions
10  * are met:
11  *
12  * Redistributions of source code must retain the above copyright notice,
13  * this list of conditions and the following disclaimer.
14  *
15  * Redistributions in binary form must reproduce the above copyright notice,
16  * this list of conditions and the following disclaimer in the documentation
17  * and/or other materials provided with the distribution.
18  *
19  * Neither the name of the NLNET LABS nor the names of its contributors may
20  * be used to endorse or promote products derived from this software without
21  * specific prior written permission.
22  *
23  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
24  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
25  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
26  * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
27  * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
28  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
29  * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
30  * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
31  * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
32  * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
33  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
34  */
35 
36 /**
37  * \file
38  *
39  * This file contains the functions for an authority zone.  This zone
40  * is queried by the iterator, just like a stub or forward zone, but then
41  * the data is locally held.
42  */
43 
44 #include "config.h"
45 #include "services/authzone.h"
46 #include "util/data/dname.h"
47 #include "util/data/msgparse.h"
48 #include "util/data/msgreply.h"
49 #include "util/data/msgencode.h"
50 #include "util/data/packed_rrset.h"
51 #include "util/regional.h"
52 #include "util/net_help.h"
53 #include "util/netevent.h"
54 #include "util/config_file.h"
55 #include "util/log.h"
56 #include "util/module.h"
57 #include "util/random.h"
58 #include "services/cache/dns.h"
59 #include "services/outside_network.h"
60 #include "services/listen_dnsport.h"
61 #include "services/mesh.h"
62 #include "sldns/rrdef.h"
63 #include "sldns/pkthdr.h"
64 #include "sldns/sbuffer.h"
65 #include "sldns/str2wire.h"
66 #include "sldns/wire2str.h"
67 #include "sldns/parseutil.h"
68 #include "sldns/keyraw.h"
69 #include "validator/val_nsec3.h"
70 #include "validator/val_secalgo.h"
71 #include <ctype.h>
72 
73 /** bytes to use for NSEC3 hash buffer. 20 for sha1 */
74 #define N3HASHBUFLEN 32
75 /** max number of CNAMEs we are willing to follow (in one answer) */
76 #define MAX_CNAME_CHAIN 8
77 /** timeout for probe packets for SOA */
78 #define AUTH_PROBE_TIMEOUT 100 /* msec */
79 /** when to stop with SOA probes (when exponential timeouts exceed this) */
80 #define AUTH_PROBE_TIMEOUT_STOP 1000 /* msec */
81 /* auth transfer timeout for TCP connections, in msec */
82 #define AUTH_TRANSFER_TIMEOUT 10000 /* msec */
83 /* auth transfer max backoff for failed tranfers and probes */
84 #define AUTH_TRANSFER_MAX_BACKOFF 86400 /* sec */
85 /* auth http port number */
86 #define AUTH_HTTP_PORT 80
87 /* auth https port number */
88 #define AUTH_HTTPS_PORT 443
89 /* max depth for nested $INCLUDEs */
90 #define MAX_INCLUDE_DEPTH 10
91 /** number of timeouts before we fallback from IXFR to AXFR,
92  * because some versions of servers (eg. dnsmasq) drop IXFR packets. */
93 #define NUM_TIMEOUTS_FALLBACK_IXFR 3
94 
95 /** pick up nextprobe task to start waiting to perform transfer actions */
96 static void xfr_set_timeout(struct auth_xfer* xfr, struct module_env* env,
97 	int failure, int lookup_only);
98 /** move to sending the probe packets, next if fails. task_probe */
99 static void xfr_probe_send_or_end(struct auth_xfer* xfr,
100 	struct module_env* env);
101 /** pick up probe task with specified(or NULL) destination first,
102  * or transfer task if nothing to probe, or false if already in progress */
103 static int xfr_start_probe(struct auth_xfer* xfr, struct module_env* env,
104 	struct auth_master* spec);
105 /** delete xfer structure (not its tree entry) */
106 static void auth_xfer_delete(struct auth_xfer* xfr);
107 
108 /** create new dns_msg */
109 static struct dns_msg*
110 msg_create(struct regional* region, struct query_info* qinfo)
111 {
112 	struct dns_msg* msg = (struct dns_msg*)regional_alloc(region,
113 		sizeof(struct dns_msg));
114 	if(!msg)
115 		return NULL;
116 	msg->qinfo.qname = regional_alloc_init(region, qinfo->qname,
117 		qinfo->qname_len);
118 	if(!msg->qinfo.qname)
119 		return NULL;
120 	msg->qinfo.qname_len = qinfo->qname_len;
121 	msg->qinfo.qtype = qinfo->qtype;
122 	msg->qinfo.qclass = qinfo->qclass;
123 	msg->qinfo.local_alias = NULL;
124 	/* non-packed reply_info, because it needs to grow the array */
125 	msg->rep = (struct reply_info*)regional_alloc_zero(region,
126 		sizeof(struct reply_info)-sizeof(struct rrset_ref));
127 	if(!msg->rep)
128 		return NULL;
129 	msg->rep->flags = (uint16_t)(BIT_QR | BIT_AA);
130 	msg->rep->authoritative = 1;
131 	msg->rep->qdcount = 1;
132 	/* rrsets is NULL, no rrsets yet */
133 	return msg;
134 }
135 
136 /** grow rrset array by one in msg */
137 static int
138 msg_grow_array(struct regional* region, struct dns_msg* msg)
139 {
140 	if(msg->rep->rrsets == NULL) {
141 		msg->rep->rrsets = regional_alloc_zero(region,
142 			sizeof(struct ub_packed_rrset_key*)*(msg->rep->rrset_count+1));
143 		if(!msg->rep->rrsets)
144 			return 0;
145 	} else {
146 		struct ub_packed_rrset_key** rrsets_old = msg->rep->rrsets;
147 		msg->rep->rrsets = regional_alloc_zero(region,
148 			sizeof(struct ub_packed_rrset_key*)*(msg->rep->rrset_count+1));
149 		if(!msg->rep->rrsets)
150 			return 0;
151 		memmove(msg->rep->rrsets, rrsets_old,
152 			sizeof(struct ub_packed_rrset_key*)*msg->rep->rrset_count);
153 	}
154 	return 1;
155 }
156 
157 /** get ttl of rrset */
158 static time_t
159 get_rrset_ttl(struct ub_packed_rrset_key* k)
160 {
161 	struct packed_rrset_data* d = (struct packed_rrset_data*)
162 		k->entry.data;
163 	return d->ttl;
164 }
165 
166 /** Copy rrset into region from domain-datanode and packet rrset */
167 static struct ub_packed_rrset_key*
168 auth_packed_rrset_copy_region(struct auth_zone* z, struct auth_data* node,
169 	struct auth_rrset* rrset, struct regional* region, time_t adjust)
170 {
171 	struct ub_packed_rrset_key key;
172 	memset(&key, 0, sizeof(key));
173 	key.entry.key = &key;
174 	key.entry.data = rrset->data;
175 	key.rk.dname = node->name;
176 	key.rk.dname_len = node->namelen;
177 	key.rk.type = htons(rrset->type);
178 	key.rk.rrset_class = htons(z->dclass);
179 	key.entry.hash = rrset_key_hash(&key.rk);
180 	return packed_rrset_copy_region(&key, region, adjust);
181 }
182 
183 /** fix up msg->rep TTL and prefetch ttl */
184 static void
185 msg_ttl(struct dns_msg* msg)
186 {
187 	if(msg->rep->rrset_count == 0) return;
188 	if(msg->rep->rrset_count == 1) {
189 		msg->rep->ttl = get_rrset_ttl(msg->rep->rrsets[0]);
190 		msg->rep->prefetch_ttl = PREFETCH_TTL_CALC(msg->rep->ttl);
191 		msg->rep->serve_expired_ttl = msg->rep->ttl + SERVE_EXPIRED_TTL;
192 	} else if(get_rrset_ttl(msg->rep->rrsets[msg->rep->rrset_count-1]) <
193 		msg->rep->ttl) {
194 		msg->rep->ttl = get_rrset_ttl(msg->rep->rrsets[
195 			msg->rep->rrset_count-1]);
196 		msg->rep->prefetch_ttl = PREFETCH_TTL_CALC(msg->rep->ttl);
197 		msg->rep->serve_expired_ttl = msg->rep->ttl + SERVE_EXPIRED_TTL;
198 	}
199 }
200 
201 /** see if rrset is a duplicate in the answer message */
202 static int
203 msg_rrset_duplicate(struct dns_msg* msg, uint8_t* nm, size_t nmlen,
204 	uint16_t type, uint16_t dclass)
205 {
206 	size_t i;
207 	for(i=0; i<msg->rep->rrset_count; i++) {
208 		struct ub_packed_rrset_key* k = msg->rep->rrsets[i];
209 		if(ntohs(k->rk.type) == type && k->rk.dname_len == nmlen &&
210 			ntohs(k->rk.rrset_class) == dclass &&
211 			query_dname_compare(k->rk.dname, nm) == 0)
212 			return 1;
213 	}
214 	return 0;
215 }
216 
217 /** add rrset to answer section (no auth, add rrsets yet) */
218 static int
219 msg_add_rrset_an(struct auth_zone* z, struct regional* region,
220 	struct dns_msg* msg, struct auth_data* node, struct auth_rrset* rrset)
221 {
222 	log_assert(msg->rep->ns_numrrsets == 0);
223 	log_assert(msg->rep->ar_numrrsets == 0);
224 	if(!rrset || !node)
225 		return 1;
226 	if(msg_rrset_duplicate(msg, node->name, node->namelen, rrset->type,
227 		z->dclass))
228 		return 1;
229 	/* grow array */
230 	if(!msg_grow_array(region, msg))
231 		return 0;
232 	/* copy it */
233 	if(!(msg->rep->rrsets[msg->rep->rrset_count] =
234 		auth_packed_rrset_copy_region(z, node, rrset, region, 0)))
235 		return 0;
236 	msg->rep->rrset_count++;
237 	msg->rep->an_numrrsets++;
238 	msg_ttl(msg);
239 	return 1;
240 }
241 
242 /** add rrset to authority section (no additonal section rrsets yet) */
243 static int
244 msg_add_rrset_ns(struct auth_zone* z, struct regional* region,
245 	struct dns_msg* msg, struct auth_data* node, struct auth_rrset* rrset)
246 {
247 	log_assert(msg->rep->ar_numrrsets == 0);
248 	if(!rrset || !node)
249 		return 1;
250 	if(msg_rrset_duplicate(msg, node->name, node->namelen, rrset->type,
251 		z->dclass))
252 		return 1;
253 	/* grow array */
254 	if(!msg_grow_array(region, msg))
255 		return 0;
256 	/* copy it */
257 	if(!(msg->rep->rrsets[msg->rep->rrset_count] =
258 		auth_packed_rrset_copy_region(z, node, rrset, region, 0)))
259 		return 0;
260 	msg->rep->rrset_count++;
261 	msg->rep->ns_numrrsets++;
262 	msg_ttl(msg);
263 	return 1;
264 }
265 
266 /** add rrset to additional section */
267 static int
268 msg_add_rrset_ar(struct auth_zone* z, struct regional* region,
269 	struct dns_msg* msg, struct auth_data* node, struct auth_rrset* rrset)
270 {
271 	if(!rrset || !node)
272 		return 1;
273 	if(msg_rrset_duplicate(msg, node->name, node->namelen, rrset->type,
274 		z->dclass))
275 		return 1;
276 	/* grow array */
277 	if(!msg_grow_array(region, msg))
278 		return 0;
279 	/* copy it */
280 	if(!(msg->rep->rrsets[msg->rep->rrset_count] =
281 		auth_packed_rrset_copy_region(z, node, rrset, region, 0)))
282 		return 0;
283 	msg->rep->rrset_count++;
284 	msg->rep->ar_numrrsets++;
285 	msg_ttl(msg);
286 	return 1;
287 }
288 
289 struct auth_zones* auth_zones_create(void)
290 {
291 	struct auth_zones* az = (struct auth_zones*)calloc(1, sizeof(*az));
292 	if(!az) {
293 		log_err("out of memory");
294 		return NULL;
295 	}
296 	rbtree_init(&az->ztree, &auth_zone_cmp);
297 	rbtree_init(&az->xtree, &auth_xfer_cmp);
298 	lock_rw_init(&az->lock);
299 	lock_protect(&az->lock, &az->ztree, sizeof(az->ztree));
300 	lock_protect(&az->lock, &az->xtree, sizeof(az->xtree));
301 	/* also lock protects the rbnode's in struct auth_zone, auth_xfer */
302 	lock_rw_init(&az->rpz_lock);
303 	lock_protect(&az->rpz_lock, &az->rpz_first, sizeof(az->rpz_first));
304 	return az;
305 }
306 
307 int auth_zone_cmp(const void* z1, const void* z2)
308 {
309 	/* first sort on class, so that hierarchy can be maintained within
310 	 * a class */
311 	struct auth_zone* a = (struct auth_zone*)z1;
312 	struct auth_zone* b = (struct auth_zone*)z2;
313 	int m;
314 	if(a->dclass != b->dclass) {
315 		if(a->dclass < b->dclass)
316 			return -1;
317 		return 1;
318 	}
319 	/* sorted such that higher zones sort before lower zones (their
320 	 * contents) */
321 	return dname_lab_cmp(a->name, a->namelabs, b->name, b->namelabs, &m);
322 }
323 
324 int auth_data_cmp(const void* z1, const void* z2)
325 {
326 	struct auth_data* a = (struct auth_data*)z1;
327 	struct auth_data* b = (struct auth_data*)z2;
328 	int m;
329 	/* canonical sort, because DNSSEC needs that */
330 	return dname_canon_lab_cmp(a->name, a->namelabs, b->name,
331 		b->namelabs, &m);
332 }
333 
334 int auth_xfer_cmp(const void* z1, const void* z2)
335 {
336 	/* first sort on class, so that hierarchy can be maintained within
337 	 * a class */
338 	struct auth_xfer* a = (struct auth_xfer*)z1;
339 	struct auth_xfer* b = (struct auth_xfer*)z2;
340 	int m;
341 	if(a->dclass != b->dclass) {
342 		if(a->dclass < b->dclass)
343 			return -1;
344 		return 1;
345 	}
346 	/* sorted such that higher zones sort before lower zones (their
347 	 * contents) */
348 	return dname_lab_cmp(a->name, a->namelabs, b->name, b->namelabs, &m);
349 }
350 
351 /** delete auth rrset node */
352 static void
353 auth_rrset_delete(struct auth_rrset* rrset)
354 {
355 	if(!rrset) return;
356 	free(rrset->data);
357 	free(rrset);
358 }
359 
360 /** delete auth data domain node */
361 static void
362 auth_data_delete(struct auth_data* n)
363 {
364 	struct auth_rrset* p, *np;
365 	if(!n) return;
366 	p = n->rrsets;
367 	while(p) {
368 		np = p->next;
369 		auth_rrset_delete(p);
370 		p = np;
371 	}
372 	free(n->name);
373 	free(n);
374 }
375 
376 /** helper traverse to delete zones */
377 static void
378 auth_data_del(rbnode_type* n, void* ATTR_UNUSED(arg))
379 {
380 	struct auth_data* z = (struct auth_data*)n->key;
381 	auth_data_delete(z);
382 }
383 
384 /** delete an auth zone structure (tree remove must be done elsewhere) */
385 static void
386 auth_zone_delete(struct auth_zone* z, struct auth_zones* az)
387 {
388 	if(!z) return;
389 	lock_rw_destroy(&z->lock);
390 	traverse_postorder(&z->data, auth_data_del, NULL);
391 
392 	if(az && z->rpz) {
393 		/* keep RPZ linked list intact */
394 		lock_rw_wrlock(&az->rpz_lock);
395 		if(z->rpz_az_prev)
396 			z->rpz_az_prev->rpz_az_next = z->rpz_az_next;
397 		else
398 			az->rpz_first = z->rpz_az_next;
399 		if(z->rpz_az_next)
400 			z->rpz_az_next->rpz_az_prev = z->rpz_az_prev;
401 		lock_rw_unlock(&az->rpz_lock);
402 	}
403 	if(z->rpz)
404 		rpz_delete(z->rpz);
405 	free(z->name);
406 	free(z->zonefile);
407 	free(z);
408 }
409 
410 struct auth_zone*
411 auth_zone_create(struct auth_zones* az, uint8_t* nm, size_t nmlen,
412 	uint16_t dclass)
413 {
414 	struct auth_zone* z = (struct auth_zone*)calloc(1, sizeof(*z));
415 	if(!z) {
416 		return NULL;
417 	}
418 	z->node.key = z;
419 	z->dclass = dclass;
420 	z->namelen = nmlen;
421 	z->namelabs = dname_count_labels(nm);
422 	z->name = memdup(nm, nmlen);
423 	if(!z->name) {
424 		free(z);
425 		return NULL;
426 	}
427 	rbtree_init(&z->data, &auth_data_cmp);
428 	lock_rw_init(&z->lock);
429 	lock_protect(&z->lock, &z->name, sizeof(*z)-sizeof(rbnode_type)-
430 			sizeof(&z->rpz_az_next)-sizeof(&z->rpz_az_prev));
431 	lock_rw_wrlock(&z->lock);
432 	/* z lock protects all, except rbtree itself and the rpz linked list
433 	 * pointers, which are protected using az->lock */
434 	if(!rbtree_insert(&az->ztree, &z->node)) {
435 		lock_rw_unlock(&z->lock);
436 		auth_zone_delete(z, NULL);
437 		log_warn("duplicate auth zone");
438 		return NULL;
439 	}
440 	return z;
441 }
442 
443 struct auth_zone*
444 auth_zone_find(struct auth_zones* az, uint8_t* nm, size_t nmlen,
445 	uint16_t dclass)
446 {
447 	struct auth_zone key;
448 	key.node.key = &key;
449 	key.dclass = dclass;
450 	key.name = nm;
451 	key.namelen = nmlen;
452 	key.namelabs = dname_count_labels(nm);
453 	return (struct auth_zone*)rbtree_search(&az->ztree, &key);
454 }
455 
456 struct auth_xfer*
457 auth_xfer_find(struct auth_zones* az, uint8_t* nm, size_t nmlen,
458 	uint16_t dclass)
459 {
460 	struct auth_xfer key;
461 	key.node.key = &key;
462 	key.dclass = dclass;
463 	key.name = nm;
464 	key.namelen = nmlen;
465 	key.namelabs = dname_count_labels(nm);
466 	return (struct auth_xfer*)rbtree_search(&az->xtree, &key);
467 }
468 
469 /** find an auth zone or sorted less-or-equal, return true if exact */
470 static int
471 auth_zone_find_less_equal(struct auth_zones* az, uint8_t* nm, size_t nmlen,
472 	uint16_t dclass, struct auth_zone** z)
473 {
474 	struct auth_zone key;
475 	key.node.key = &key;
476 	key.dclass = dclass;
477 	key.name = nm;
478 	key.namelen = nmlen;
479 	key.namelabs = dname_count_labels(nm);
480 	return rbtree_find_less_equal(&az->ztree, &key, (rbnode_type**)z);
481 }
482 
483 
484 /** find the auth zone that is above the given name */
485 struct auth_zone*
486 auth_zones_find_zone(struct auth_zones* az, uint8_t* name, size_t name_len,
487 	uint16_t dclass)
488 {
489 	uint8_t* nm = name;
490 	size_t nmlen = name_len;
491 	struct auth_zone* z;
492 	if(auth_zone_find_less_equal(az, nm, nmlen, dclass, &z)) {
493 		/* exact match */
494 		return z;
495 	} else {
496 		/* less-or-nothing */
497 		if(!z) return NULL; /* nothing smaller, nothing above it */
498 		/* we found smaller name; smaller may be above the name,
499 		 * but not below it. */
500 		nm = dname_get_shared_topdomain(z->name, name);
501 		dname_count_size_labels(nm, &nmlen);
502 		z = NULL;
503 	}
504 
505 	/* search up */
506 	while(!z) {
507 		z = auth_zone_find(az, nm, nmlen, dclass);
508 		if(z) return z;
509 		if(dname_is_root(nm)) break;
510 		dname_remove_label(&nm, &nmlen);
511 	}
512 	return NULL;
513 }
514 
515 /** find or create zone with name str. caller must have lock on az.
516  * returns a wrlocked zone */
517 static struct auth_zone*
518 auth_zones_find_or_add_zone(struct auth_zones* az, char* name)
519 {
520 	uint8_t nm[LDNS_MAX_DOMAINLEN+1];
521 	size_t nmlen = sizeof(nm);
522 	struct auth_zone* z;
523 
524 	if(sldns_str2wire_dname_buf(name, nm, &nmlen) != 0) {
525 		log_err("cannot parse auth zone name: %s", name);
526 		return 0;
527 	}
528 	z = auth_zone_find(az, nm, nmlen, LDNS_RR_CLASS_IN);
529 	if(!z) {
530 		/* not found, create the zone */
531 		z = auth_zone_create(az, nm, nmlen, LDNS_RR_CLASS_IN);
532 	} else {
533 		lock_rw_wrlock(&z->lock);
534 	}
535 	return z;
536 }
537 
538 /** find or create xfer zone with name str. caller must have lock on az.
539  * returns a locked xfer */
540 static struct auth_xfer*
541 auth_zones_find_or_add_xfer(struct auth_zones* az, struct auth_zone* z)
542 {
543 	struct auth_xfer* x;
544 	x = auth_xfer_find(az, z->name, z->namelen, z->dclass);
545 	if(!x) {
546 		/* not found, create the zone */
547 		x = auth_xfer_create(az, z);
548 	} else {
549 		lock_basic_lock(&x->lock);
550 	}
551 	return x;
552 }
553 
554 int
555 auth_zone_set_zonefile(struct auth_zone* z, char* zonefile)
556 {
557 	if(z->zonefile) free(z->zonefile);
558 	if(zonefile == NULL) {
559 		z->zonefile = NULL;
560 	} else {
561 		z->zonefile = strdup(zonefile);
562 		if(!z->zonefile) {
563 			log_err("malloc failure");
564 			return 0;
565 		}
566 	}
567 	return 1;
568 }
569 
570 /** set auth zone fallback. caller must have lock on zone */
571 int
572 auth_zone_set_fallback(struct auth_zone* z, char* fallbackstr)
573 {
574 	if(strcmp(fallbackstr, "yes") != 0 && strcmp(fallbackstr, "no") != 0){
575 		log_err("auth zone fallback, expected yes or no, got %s",
576 			fallbackstr);
577 		return 0;
578 	}
579 	z->fallback_enabled = (strcmp(fallbackstr, "yes")==0);
580 	return 1;
581 }
582 
583 /** create domain with the given name */
584 static struct auth_data*
585 az_domain_create(struct auth_zone* z, uint8_t* nm, size_t nmlen)
586 {
587 	struct auth_data* n = (struct auth_data*)malloc(sizeof(*n));
588 	if(!n) return NULL;
589 	memset(n, 0, sizeof(*n));
590 	n->node.key = n;
591 	n->name = memdup(nm, nmlen);
592 	if(!n->name) {
593 		free(n);
594 		return NULL;
595 	}
596 	n->namelen = nmlen;
597 	n->namelabs = dname_count_labels(nm);
598 	if(!rbtree_insert(&z->data, &n->node)) {
599 		log_warn("duplicate auth domain name");
600 		free(n->name);
601 		free(n);
602 		return NULL;
603 	}
604 	return n;
605 }
606 
607 /** find domain with exactly the given name */
608 static struct auth_data*
609 az_find_name(struct auth_zone* z, uint8_t* nm, size_t nmlen)
610 {
611 	struct auth_zone key;
612 	key.node.key = &key;
613 	key.name = nm;
614 	key.namelen = nmlen;
615 	key.namelabs = dname_count_labels(nm);
616 	return (struct auth_data*)rbtree_search(&z->data, &key);
617 }
618 
619 /** Find domain name (or closest match) */
620 static void
621 az_find_domain(struct auth_zone* z, struct query_info* qinfo, int* node_exact,
622 	struct auth_data** node)
623 {
624 	struct auth_zone key;
625 	key.node.key = &key;
626 	key.name = qinfo->qname;
627 	key.namelen = qinfo->qname_len;
628 	key.namelabs = dname_count_labels(key.name);
629 	*node_exact = rbtree_find_less_equal(&z->data, &key,
630 		(rbnode_type**)node);
631 }
632 
633 /** find or create domain with name in zone */
634 static struct auth_data*
635 az_domain_find_or_create(struct auth_zone* z, uint8_t* dname,
636 	size_t dname_len)
637 {
638 	struct auth_data* n = az_find_name(z, dname, dname_len);
639 	if(!n) {
640 		n = az_domain_create(z, dname, dname_len);
641 	}
642 	return n;
643 }
644 
645 /** find rrset of given type in the domain */
646 static struct auth_rrset*
647 az_domain_rrset(struct auth_data* n, uint16_t t)
648 {
649 	struct auth_rrset* rrset;
650 	if(!n) return NULL;
651 	rrset = n->rrsets;
652 	while(rrset) {
653 		if(rrset->type == t)
654 			return rrset;
655 		rrset = rrset->next;
656 	}
657 	return NULL;
658 }
659 
660 /** remove rrset of this type from domain */
661 static void
662 domain_remove_rrset(struct auth_data* node, uint16_t rr_type)
663 {
664 	struct auth_rrset* rrset, *prev;
665 	if(!node) return;
666 	prev = NULL;
667 	rrset = node->rrsets;
668 	while(rrset) {
669 		if(rrset->type == rr_type) {
670 			/* found it, now delete it */
671 			if(prev) prev->next = rrset->next;
672 			else	node->rrsets = rrset->next;
673 			auth_rrset_delete(rrset);
674 			return;
675 		}
676 		prev = rrset;
677 		rrset = rrset->next;
678 	}
679 }
680 
681 /** find an rrsig index in the rrset.  returns true if found */
682 static int
683 az_rrset_find_rrsig(struct packed_rrset_data* d, uint8_t* rdata, size_t len,
684 	size_t* index)
685 {
686 	size_t i;
687 	for(i=d->count; i<d->count + d->rrsig_count; i++) {
688 		if(d->rr_len[i] != len)
689 			continue;
690 		if(memcmp(d->rr_data[i], rdata, len) == 0) {
691 			*index = i;
692 			return 1;
693 		}
694 	}
695 	return 0;
696 }
697 
698 /** see if rdata is duplicate */
699 static int
700 rdata_duplicate(struct packed_rrset_data* d, uint8_t* rdata, size_t len)
701 {
702 	size_t i;
703 	for(i=0; i<d->count + d->rrsig_count; i++) {
704 		if(d->rr_len[i] != len)
705 			continue;
706 		if(memcmp(d->rr_data[i], rdata, len) == 0)
707 			return 1;
708 	}
709 	return 0;
710 }
711 
712 /** get rrsig type covered from rdata.
713  * @param rdata: rdata in wireformat, starting with 16bit rdlength.
714  * @param rdatalen: length of rdata buffer.
715  * @return type covered (or 0).
716  */
717 static uint16_t
718 rrsig_rdata_get_type_covered(uint8_t* rdata, size_t rdatalen)
719 {
720 	if(rdatalen < 4)
721 		return 0;
722 	return sldns_read_uint16(rdata+2);
723 }
724 
725 /** remove RR from existing RRset. Also sig, if it is a signature.
726  * reallocates the packed rrset for a new one, false on alloc failure */
727 static int
728 rrset_remove_rr(struct auth_rrset* rrset, size_t index)
729 {
730 	struct packed_rrset_data* d, *old = rrset->data;
731 	size_t i;
732 	if(index >= old->count + old->rrsig_count)
733 		return 0; /* index out of bounds */
734 	d = (struct packed_rrset_data*)calloc(1, packed_rrset_sizeof(old) - (
735 		sizeof(size_t) + sizeof(uint8_t*) + sizeof(time_t) +
736 		old->rr_len[index]));
737 	if(!d) {
738 		log_err("malloc failure");
739 		return 0;
740 	}
741 	d->ttl = old->ttl;
742 	d->count = old->count;
743 	d->rrsig_count = old->rrsig_count;
744 	if(index < d->count) d->count--;
745 	else d->rrsig_count--;
746 	d->trust = old->trust;
747 	d->security = old->security;
748 
749 	/* set rr_len, needed for ptr_fixup */
750 	d->rr_len = (size_t*)((uint8_t*)d +
751 		sizeof(struct packed_rrset_data));
752 	if(index > 0)
753 		memmove(d->rr_len, old->rr_len, (index)*sizeof(size_t));
754 	if(index+1 < old->count+old->rrsig_count)
755 		memmove(&d->rr_len[index], &old->rr_len[index+1],
756 		(old->count+old->rrsig_count - (index+1))*sizeof(size_t));
757 	packed_rrset_ptr_fixup(d);
758 
759 	/* move over ttls */
760 	if(index > 0)
761 		memmove(d->rr_ttl, old->rr_ttl, (index)*sizeof(time_t));
762 	if(index+1 < old->count+old->rrsig_count)
763 		memmove(&d->rr_ttl[index], &old->rr_ttl[index+1],
764 		(old->count+old->rrsig_count - (index+1))*sizeof(time_t));
765 
766 	/* move over rr_data */
767 	for(i=0; i<d->count+d->rrsig_count; i++) {
768 		size_t oldi;
769 		if(i < index) oldi = i;
770 		else oldi = i+1;
771 		memmove(d->rr_data[i], old->rr_data[oldi], d->rr_len[i]);
772 	}
773 
774 	/* recalc ttl (lowest of remaining RR ttls) */
775 	if(d->count + d->rrsig_count > 0)
776 		d->ttl = d->rr_ttl[0];
777 	for(i=0; i<d->count+d->rrsig_count; i++) {
778 		if(d->rr_ttl[i] < d->ttl)
779 			d->ttl = d->rr_ttl[i];
780 	}
781 
782 	free(rrset->data);
783 	rrset->data = d;
784 	return 1;
785 }
786 
787 /** add RR to existing RRset. If insert_sig is true, add to rrsigs.
788  * This reallocates the packed rrset for a new one */
789 static int
790 rrset_add_rr(struct auth_rrset* rrset, uint32_t rr_ttl, uint8_t* rdata,
791 	size_t rdatalen, int insert_sig)
792 {
793 	struct packed_rrset_data* d, *old = rrset->data;
794 	size_t total, old_total;
795 
796 	d = (struct packed_rrset_data*)calloc(1, packed_rrset_sizeof(old)
797 		+ sizeof(size_t) + sizeof(uint8_t*) + sizeof(time_t)
798 		+ rdatalen);
799 	if(!d) {
800 		log_err("out of memory");
801 		return 0;
802 	}
803 	/* copy base values */
804 	memcpy(d, old, sizeof(struct packed_rrset_data));
805 	if(!insert_sig) {
806 		d->count++;
807 	} else {
808 		d->rrsig_count++;
809 	}
810 	old_total = old->count + old->rrsig_count;
811 	total = d->count + d->rrsig_count;
812 	/* set rr_len, needed for ptr_fixup */
813 	d->rr_len = (size_t*)((uint8_t*)d +
814 		sizeof(struct packed_rrset_data));
815 	if(old->count != 0)
816 		memmove(d->rr_len, old->rr_len, old->count*sizeof(size_t));
817 	if(old->rrsig_count != 0)
818 		memmove(d->rr_len+d->count, old->rr_len+old->count,
819 			old->rrsig_count*sizeof(size_t));
820 	if(!insert_sig)
821 		d->rr_len[d->count-1] = rdatalen;
822 	else	d->rr_len[total-1] = rdatalen;
823 	packed_rrset_ptr_fixup(d);
824 	if((time_t)rr_ttl < d->ttl)
825 		d->ttl = rr_ttl;
826 
827 	/* copy old values into new array */
828 	if(old->count != 0) {
829 		memmove(d->rr_ttl, old->rr_ttl, old->count*sizeof(time_t));
830 		/* all the old rr pieces are allocated sequential, so we
831 		 * can copy them in one go */
832 		memmove(d->rr_data[0], old->rr_data[0],
833 			(old->rr_data[old->count-1] - old->rr_data[0]) +
834 			old->rr_len[old->count-1]);
835 	}
836 	if(old->rrsig_count != 0) {
837 		memmove(d->rr_ttl+d->count, old->rr_ttl+old->count,
838 			old->rrsig_count*sizeof(time_t));
839 		memmove(d->rr_data[d->count], old->rr_data[old->count],
840 			(old->rr_data[old_total-1] - old->rr_data[old->count]) +
841 			old->rr_len[old_total-1]);
842 	}
843 
844 	/* insert new value */
845 	if(!insert_sig) {
846 		d->rr_ttl[d->count-1] = rr_ttl;
847 		memmove(d->rr_data[d->count-1], rdata, rdatalen);
848 	} else {
849 		d->rr_ttl[total-1] = rr_ttl;
850 		memmove(d->rr_data[total-1], rdata, rdatalen);
851 	}
852 
853 	rrset->data = d;
854 	free(old);
855 	return 1;
856 }
857 
858 /** Create new rrset for node with packed rrset with one RR element */
859 static struct auth_rrset*
860 rrset_create(struct auth_data* node, uint16_t rr_type, uint32_t rr_ttl,
861 	uint8_t* rdata, size_t rdatalen)
862 {
863 	struct auth_rrset* rrset = (struct auth_rrset*)calloc(1,
864 		sizeof(*rrset));
865 	struct auth_rrset* p, *prev;
866 	struct packed_rrset_data* d;
867 	if(!rrset) {
868 		log_err("out of memory");
869 		return NULL;
870 	}
871 	rrset->type = rr_type;
872 
873 	/* the rrset data structure, with one RR */
874 	d = (struct packed_rrset_data*)calloc(1,
875 		sizeof(struct packed_rrset_data) + sizeof(size_t) +
876 		sizeof(uint8_t*) + sizeof(time_t) + rdatalen);
877 	if(!d) {
878 		free(rrset);
879 		log_err("out of memory");
880 		return NULL;
881 	}
882 	rrset->data = d;
883 	d->ttl = rr_ttl;
884 	d->trust = rrset_trust_prim_noglue;
885 	d->rr_len = (size_t*)((uint8_t*)d + sizeof(struct packed_rrset_data));
886 	d->rr_data = (uint8_t**)&(d->rr_len[1]);
887 	d->rr_ttl = (time_t*)&(d->rr_data[1]);
888 	d->rr_data[0] = (uint8_t*)&(d->rr_ttl[1]);
889 
890 	/* insert the RR */
891 	d->rr_len[0] = rdatalen;
892 	d->rr_ttl[0] = rr_ttl;
893 	memmove(d->rr_data[0], rdata, rdatalen);
894 	d->count++;
895 
896 	/* insert rrset into linked list for domain */
897 	/* find sorted place to link the rrset into the list */
898 	prev = NULL;
899 	p = node->rrsets;
900 	while(p && p->type<=rr_type) {
901 		prev = p;
902 		p = p->next;
903 	}
904 	/* so, prev is smaller, and p is larger than rr_type */
905 	rrset->next = p;
906 	if(prev) prev->next = rrset;
907 	else node->rrsets = rrset;
908 	return rrset;
909 }
910 
911 /** count number (and size) of rrsigs that cover a type */
912 static size_t
913 rrsig_num_that_cover(struct auth_rrset* rrsig, uint16_t rr_type, size_t* sigsz)
914 {
915 	struct packed_rrset_data* d = rrsig->data;
916 	size_t i, num = 0;
917 	*sigsz = 0;
918 	log_assert(d && rrsig->type == LDNS_RR_TYPE_RRSIG);
919 	for(i=0; i<d->count+d->rrsig_count; i++) {
920 		if(rrsig_rdata_get_type_covered(d->rr_data[i],
921 			d->rr_len[i]) == rr_type) {
922 			num++;
923 			(*sigsz) += d->rr_len[i];
924 		}
925 	}
926 	return num;
927 }
928 
929 /** See if rrsig set has covered sigs for rrset and move them over */
930 static int
931 rrset_moveover_rrsigs(struct auth_data* node, uint16_t rr_type,
932 	struct auth_rrset* rrset, struct auth_rrset* rrsig)
933 {
934 	size_t sigs, sigsz, i, j, total;
935 	struct packed_rrset_data* sigold = rrsig->data;
936 	struct packed_rrset_data* old = rrset->data;
937 	struct packed_rrset_data* d, *sigd;
938 
939 	log_assert(rrset->type == rr_type);
940 	log_assert(rrsig->type == LDNS_RR_TYPE_RRSIG);
941 	sigs = rrsig_num_that_cover(rrsig, rr_type, &sigsz);
942 	if(sigs == 0) {
943 		/* 0 rrsigs to move over, done */
944 		return 1;
945 	}
946 
947 	/* allocate rrset sigsz larger for extra sigs elements, and
948 	 * allocate rrsig sigsz smaller for less sigs elements. */
949 	d = (struct packed_rrset_data*)calloc(1, packed_rrset_sizeof(old)
950 		+ sigs*(sizeof(size_t) + sizeof(uint8_t*) + sizeof(time_t))
951 		+ sigsz);
952 	if(!d) {
953 		log_err("out of memory");
954 		return 0;
955 	}
956 	/* copy base values */
957 	total = old->count + old->rrsig_count;
958 	memcpy(d, old, sizeof(struct packed_rrset_data));
959 	d->rrsig_count += sigs;
960 	/* setup rr_len */
961 	d->rr_len = (size_t*)((uint8_t*)d +
962 		sizeof(struct packed_rrset_data));
963 	if(total != 0)
964 		memmove(d->rr_len, old->rr_len, total*sizeof(size_t));
965 	j = d->count+d->rrsig_count-sigs;
966 	for(i=0; i<sigold->count+sigold->rrsig_count; i++) {
967 		if(rrsig_rdata_get_type_covered(sigold->rr_data[i],
968 			sigold->rr_len[i]) == rr_type) {
969 			d->rr_len[j] = sigold->rr_len[i];
970 			j++;
971 		}
972 	}
973 	packed_rrset_ptr_fixup(d);
974 
975 	/* copy old values into new array */
976 	if(total != 0) {
977 		memmove(d->rr_ttl, old->rr_ttl, total*sizeof(time_t));
978 		/* all the old rr pieces are allocated sequential, so we
979 		 * can copy them in one go */
980 		memmove(d->rr_data[0], old->rr_data[0],
981 			(old->rr_data[total-1] - old->rr_data[0]) +
982 			old->rr_len[total-1]);
983 	}
984 
985 	/* move over the rrsigs to the larger rrset*/
986 	j = d->count+d->rrsig_count-sigs;
987 	for(i=0; i<sigold->count+sigold->rrsig_count; i++) {
988 		if(rrsig_rdata_get_type_covered(sigold->rr_data[i],
989 			sigold->rr_len[i]) == rr_type) {
990 			/* move this one over to location j */
991 			d->rr_ttl[j] = sigold->rr_ttl[i];
992 			memmove(d->rr_data[j], sigold->rr_data[i],
993 				sigold->rr_len[i]);
994 			if(d->rr_ttl[j] < d->ttl)
995 				d->ttl = d->rr_ttl[j];
996 			j++;
997 		}
998 	}
999 
1000 	/* put it in and deallocate the old rrset */
1001 	rrset->data = d;
1002 	free(old);
1003 
1004 	/* now make rrsig set smaller */
1005 	if(sigold->count+sigold->rrsig_count == sigs) {
1006 		/* remove all sigs from rrsig, remove it entirely */
1007 		domain_remove_rrset(node, LDNS_RR_TYPE_RRSIG);
1008 		return 1;
1009 	}
1010 	log_assert(packed_rrset_sizeof(sigold) > sigs*(sizeof(size_t) +
1011 		sizeof(uint8_t*) + sizeof(time_t)) + sigsz);
1012 	sigd = (struct packed_rrset_data*)calloc(1, packed_rrset_sizeof(sigold)
1013 		- sigs*(sizeof(size_t) + sizeof(uint8_t*) + sizeof(time_t))
1014 		- sigsz);
1015 	if(!sigd) {
1016 		/* no need to free up d, it has already been placed in the
1017 		 * node->rrset structure */
1018 		log_err("out of memory");
1019 		return 0;
1020 	}
1021 	/* copy base values */
1022 	memcpy(sigd, sigold, sizeof(struct packed_rrset_data));
1023 	/* in sigd the RRSIGs are stored in the base of the RR, in count */
1024 	sigd->count -= sigs;
1025 	/* setup rr_len */
1026 	sigd->rr_len = (size_t*)((uint8_t*)sigd +
1027 		sizeof(struct packed_rrset_data));
1028 	j = 0;
1029 	for(i=0; i<sigold->count+sigold->rrsig_count; i++) {
1030 		if(rrsig_rdata_get_type_covered(sigold->rr_data[i],
1031 			sigold->rr_len[i]) != rr_type) {
1032 			sigd->rr_len[j] = sigold->rr_len[i];
1033 			j++;
1034 		}
1035 	}
1036 	packed_rrset_ptr_fixup(sigd);
1037 
1038 	/* copy old values into new rrsig array */
1039 	j = 0;
1040 	for(i=0; i<sigold->count+sigold->rrsig_count; i++) {
1041 		if(rrsig_rdata_get_type_covered(sigold->rr_data[i],
1042 			sigold->rr_len[i]) != rr_type) {
1043 			/* move this one over to location j */
1044 			sigd->rr_ttl[j] = sigold->rr_ttl[i];
1045 			memmove(sigd->rr_data[j], sigold->rr_data[i],
1046 				sigold->rr_len[i]);
1047 			if(j==0) sigd->ttl = sigd->rr_ttl[j];
1048 			else {
1049 				if(sigd->rr_ttl[j] < sigd->ttl)
1050 					sigd->ttl = sigd->rr_ttl[j];
1051 			}
1052 			j++;
1053 		}
1054 	}
1055 
1056 	/* put it in and deallocate the old rrset */
1057 	rrsig->data = sigd;
1058 	free(sigold);
1059 
1060 	return 1;
1061 }
1062 
1063 /** copy the rrsigs from the rrset to the rrsig rrset, because the rrset
1064  * is going to be deleted.  reallocates the RRSIG rrset data. */
1065 static int
1066 rrsigs_copy_from_rrset_to_rrsigset(struct auth_rrset* rrset,
1067 	struct auth_rrset* rrsigset)
1068 {
1069 	size_t i;
1070 	if(rrset->data->rrsig_count == 0)
1071 		return 1;
1072 
1073 	/* move them over one by one, because there might be duplicates,
1074 	 * duplicates are ignored */
1075 	for(i=rrset->data->count;
1076 		i<rrset->data->count+rrset->data->rrsig_count; i++) {
1077 		uint8_t* rdata = rrset->data->rr_data[i];
1078 		size_t rdatalen = rrset->data->rr_len[i];
1079 		time_t rr_ttl  = rrset->data->rr_ttl[i];
1080 
1081 		if(rdata_duplicate(rrsigset->data, rdata, rdatalen)) {
1082 			continue;
1083 		}
1084 		if(!rrset_add_rr(rrsigset, rr_ttl, rdata, rdatalen, 0))
1085 			return 0;
1086 	}
1087 	return 1;
1088 }
1089 
1090 /** Add rr to node, ignores duplicate RRs,
1091  * rdata points to buffer with rdatalen octets, starts with 2bytelength. */
1092 static int
1093 az_domain_add_rr(struct auth_data* node, uint16_t rr_type, uint32_t rr_ttl,
1094 	uint8_t* rdata, size_t rdatalen, int* duplicate)
1095 {
1096 	struct auth_rrset* rrset;
1097 	/* packed rrsets have their rrsigs along with them, sort them out */
1098 	if(rr_type == LDNS_RR_TYPE_RRSIG) {
1099 		uint16_t ctype = rrsig_rdata_get_type_covered(rdata, rdatalen);
1100 		if((rrset=az_domain_rrset(node, ctype))!= NULL) {
1101 			/* a node of the correct type exists, add the RRSIG
1102 			 * to the rrset of the covered data type */
1103 			if(rdata_duplicate(rrset->data, rdata, rdatalen)) {
1104 				if(duplicate) *duplicate = 1;
1105 				return 1;
1106 			}
1107 			if(!rrset_add_rr(rrset, rr_ttl, rdata, rdatalen, 1))
1108 				return 0;
1109 		} else if((rrset=az_domain_rrset(node, rr_type))!= NULL) {
1110 			/* add RRSIG to rrset of type RRSIG */
1111 			if(rdata_duplicate(rrset->data, rdata, rdatalen)) {
1112 				if(duplicate) *duplicate = 1;
1113 				return 1;
1114 			}
1115 			if(!rrset_add_rr(rrset, rr_ttl, rdata, rdatalen, 0))
1116 				return 0;
1117 		} else {
1118 			/* create rrset of type RRSIG */
1119 			if(!rrset_create(node, rr_type, rr_ttl, rdata,
1120 				rdatalen))
1121 				return 0;
1122 		}
1123 	} else {
1124 		/* normal RR type */
1125 		if((rrset=az_domain_rrset(node, rr_type))!= NULL) {
1126 			/* add data to existing node with data type */
1127 			if(rdata_duplicate(rrset->data, rdata, rdatalen)) {
1128 				if(duplicate) *duplicate = 1;
1129 				return 1;
1130 			}
1131 			if(!rrset_add_rr(rrset, rr_ttl, rdata, rdatalen, 0))
1132 				return 0;
1133 		} else {
1134 			struct auth_rrset* rrsig;
1135 			/* create new node with data type */
1136 			if(!(rrset=rrset_create(node, rr_type, rr_ttl, rdata,
1137 				rdatalen)))
1138 				return 0;
1139 
1140 			/* see if node of type RRSIG has signatures that
1141 			 * cover the data type, and move them over */
1142 			/* and then make the RRSIG type smaller */
1143 			if((rrsig=az_domain_rrset(node, LDNS_RR_TYPE_RRSIG))
1144 				!= NULL) {
1145 				if(!rrset_moveover_rrsigs(node, rr_type,
1146 					rrset, rrsig))
1147 					return 0;
1148 			}
1149 		}
1150 	}
1151 	return 1;
1152 }
1153 
1154 /** insert RR into zone, ignore duplicates */
1155 static int
1156 az_insert_rr(struct auth_zone* z, uint8_t* rr, size_t rr_len,
1157 	size_t dname_len, int* duplicate)
1158 {
1159 	struct auth_data* node;
1160 	uint8_t* dname = rr;
1161 	uint16_t rr_type = sldns_wirerr_get_type(rr, rr_len, dname_len);
1162 	uint16_t rr_class = sldns_wirerr_get_class(rr, rr_len, dname_len);
1163 	uint32_t rr_ttl = sldns_wirerr_get_ttl(rr, rr_len, dname_len);
1164 	size_t rdatalen = ((size_t)sldns_wirerr_get_rdatalen(rr, rr_len,
1165 		dname_len))+2;
1166 	/* rdata points to rdata prefixed with uint16 rdatalength */
1167 	uint8_t* rdata = sldns_wirerr_get_rdatawl(rr, rr_len, dname_len);
1168 
1169 	if(rr_class != z->dclass) {
1170 		log_err("wrong class for RR");
1171 		return 0;
1172 	}
1173 	if(!(node=az_domain_find_or_create(z, dname, dname_len))) {
1174 		log_err("cannot create domain");
1175 		return 0;
1176 	}
1177 	if(!az_domain_add_rr(node, rr_type, rr_ttl, rdata, rdatalen,
1178 		duplicate)) {
1179 		log_err("cannot add RR to domain");
1180 		return 0;
1181 	}
1182 	if(z->rpz) {
1183 		if(!(rpz_insert_rr(z->rpz, z->name, z->namelen, dname,
1184 			dname_len, rr_type, rr_class, rr_ttl, rdata, rdatalen,
1185 			rr, rr_len)))
1186 			return 0;
1187 	}
1188 	return 1;
1189 }
1190 
1191 /** Remove rr from node, ignores nonexisting RRs,
1192  * rdata points to buffer with rdatalen octets, starts with 2bytelength. */
1193 static int
1194 az_domain_remove_rr(struct auth_data* node, uint16_t rr_type,
1195 	uint8_t* rdata, size_t rdatalen, int* nonexist)
1196 {
1197 	struct auth_rrset* rrset;
1198 	size_t index = 0;
1199 
1200 	/* find the plain RR of the given type */
1201 	if((rrset=az_domain_rrset(node, rr_type))!= NULL) {
1202 		if(packed_rrset_find_rr(rrset->data, rdata, rdatalen, &index)) {
1203 			if(rrset->data->count == 1 &&
1204 				rrset->data->rrsig_count == 0) {
1205 				/* last RR, delete the rrset */
1206 				domain_remove_rrset(node, rr_type);
1207 			} else if(rrset->data->count == 1 &&
1208 				rrset->data->rrsig_count != 0) {
1209 				/* move RRSIGs to the RRSIG rrset, or
1210 				 * this one becomes that RRset */
1211 				struct auth_rrset* rrsigset = az_domain_rrset(
1212 					node, LDNS_RR_TYPE_RRSIG);
1213 				if(rrsigset) {
1214 					/* move left over rrsigs to the
1215 					 * existing rrset of type RRSIG */
1216 					rrsigs_copy_from_rrset_to_rrsigset(
1217 						rrset, rrsigset);
1218 					/* and then delete the rrset */
1219 					domain_remove_rrset(node, rr_type);
1220 				} else {
1221 					/* no rrset of type RRSIG, this
1222 					 * set is now of that type,
1223 					 * just remove the rr */
1224 					if(!rrset_remove_rr(rrset, index))
1225 						return 0;
1226 					rrset->type = LDNS_RR_TYPE_RRSIG;
1227 					rrset->data->count = rrset->data->rrsig_count;
1228 					rrset->data->rrsig_count = 0;
1229 				}
1230 			} else {
1231 				/* remove the RR from the rrset */
1232 				if(!rrset_remove_rr(rrset, index))
1233 					return 0;
1234 			}
1235 			return 1;
1236 		}
1237 		/* rr not found in rrset */
1238 	}
1239 
1240 	/* is it a type RRSIG, look under the covered type */
1241 	if(rr_type == LDNS_RR_TYPE_RRSIG) {
1242 		uint16_t ctype = rrsig_rdata_get_type_covered(rdata, rdatalen);
1243 		if((rrset=az_domain_rrset(node, ctype))!= NULL) {
1244 			if(az_rrset_find_rrsig(rrset->data, rdata, rdatalen,
1245 				&index)) {
1246 				/* rrsig should have d->count > 0, be
1247 				 * over some rr of that type */
1248 				/* remove the rrsig from the rrsigs list of the
1249 				 * rrset */
1250 				if(!rrset_remove_rr(rrset, index))
1251 					return 0;
1252 				return 1;
1253 			}
1254 		}
1255 		/* also RRSIG not found */
1256 	}
1257 
1258 	/* nothing found to delete */
1259 	if(nonexist) *nonexist = 1;
1260 	return 1;
1261 }
1262 
1263 /** remove RR from zone, ignore if it does not exist, false on alloc failure*/
1264 static int
1265 az_remove_rr(struct auth_zone* z, uint8_t* rr, size_t rr_len,
1266 	size_t dname_len, int* nonexist)
1267 {
1268 	struct auth_data* node;
1269 	uint8_t* dname = rr;
1270 	uint16_t rr_type = sldns_wirerr_get_type(rr, rr_len, dname_len);
1271 	uint16_t rr_class = sldns_wirerr_get_class(rr, rr_len, dname_len);
1272 	size_t rdatalen = ((size_t)sldns_wirerr_get_rdatalen(rr, rr_len,
1273 		dname_len))+2;
1274 	/* rdata points to rdata prefixed with uint16 rdatalength */
1275 	uint8_t* rdata = sldns_wirerr_get_rdatawl(rr, rr_len, dname_len);
1276 
1277 	if(rr_class != z->dclass) {
1278 		log_err("wrong class for RR");
1279 		/* really also a nonexisting entry, because no records
1280 		 * of that class in the zone, but return an error because
1281 		 * getting records of the wrong class is a failure of the
1282 		 * zone transfer */
1283 		return 0;
1284 	}
1285 	node = az_find_name(z, dname, dname_len);
1286 	if(!node) {
1287 		/* node with that name does not exist */
1288 		/* nonexisting entry, because no such name */
1289 		*nonexist = 1;
1290 		return 1;
1291 	}
1292 	if(!az_domain_remove_rr(node, rr_type, rdata, rdatalen, nonexist)) {
1293 		/* alloc failure or so */
1294 		return 0;
1295 	}
1296 	/* remove the node, if necessary */
1297 	/* an rrsets==NULL entry is not kept around for empty nonterminals,
1298 	 * and also parent nodes are not kept around, so we just delete it */
1299 	if(node->rrsets == NULL) {
1300 		(void)rbtree_delete(&z->data, node);
1301 		auth_data_delete(node);
1302 	}
1303 	if(z->rpz) {
1304 		rpz_remove_rr(z->rpz, z->namelen, dname, dname_len, rr_type,
1305 			rr_class, rdata, rdatalen);
1306 	}
1307 	return 1;
1308 }
1309 
1310 /** decompress an RR into the buffer where it'll be an uncompressed RR
1311  * with uncompressed dname and uncompressed rdata (dnames) */
1312 static int
1313 decompress_rr_into_buffer(struct sldns_buffer* buf, uint8_t* pkt,
1314 	size_t pktlen, uint8_t* dname, uint16_t rr_type, uint16_t rr_class,
1315 	uint32_t rr_ttl, uint8_t* rr_data, uint16_t rr_rdlen)
1316 {
1317 	sldns_buffer pktbuf;
1318 	size_t dname_len = 0;
1319 	size_t rdlenpos;
1320 	size_t rdlen;
1321 	uint8_t* rd;
1322 	const sldns_rr_descriptor* desc;
1323 	sldns_buffer_init_frm_data(&pktbuf, pkt, pktlen);
1324 	sldns_buffer_clear(buf);
1325 
1326 	/* decompress dname */
1327 	sldns_buffer_set_position(&pktbuf,
1328 		(size_t)(dname - sldns_buffer_current(&pktbuf)));
1329 	dname_len = pkt_dname_len(&pktbuf);
1330 	if(dname_len == 0) return 0; /* parse fail on dname */
1331 	if(!sldns_buffer_available(buf, dname_len)) return 0;
1332 	dname_pkt_copy(&pktbuf, sldns_buffer_current(buf), dname);
1333 	sldns_buffer_skip(buf, (ssize_t)dname_len);
1334 
1335 	/* type, class, ttl and rdatalength fields */
1336 	if(!sldns_buffer_available(buf, 10)) return 0;
1337 	sldns_buffer_write_u16(buf, rr_type);
1338 	sldns_buffer_write_u16(buf, rr_class);
1339 	sldns_buffer_write_u32(buf, rr_ttl);
1340 	rdlenpos = sldns_buffer_position(buf);
1341 	sldns_buffer_write_u16(buf, 0); /* rd length position */
1342 
1343 	/* decompress rdata */
1344 	desc = sldns_rr_descript(rr_type);
1345 	rd = rr_data;
1346 	rdlen = rr_rdlen;
1347 	if(rdlen > 0 && desc && desc->_dname_count > 0) {
1348 		int count = (int)desc->_dname_count;
1349 		int rdf = 0;
1350 		size_t len; /* how much rdata to plain copy */
1351 		size_t uncompressed_len, compressed_len;
1352 		size_t oldpos;
1353 		/* decompress dnames. */
1354 		while(rdlen > 0 && count) {
1355 			switch(desc->_wireformat[rdf]) {
1356 			case LDNS_RDF_TYPE_DNAME:
1357 				sldns_buffer_set_position(&pktbuf,
1358 					(size_t)(rd -
1359 					sldns_buffer_begin(&pktbuf)));
1360 				oldpos = sldns_buffer_position(&pktbuf);
1361 				/* moves pktbuf to right after the
1362 				 * compressed dname, and returns uncompressed
1363 				 * dname length */
1364 				uncompressed_len = pkt_dname_len(&pktbuf);
1365 				if(!uncompressed_len)
1366 					return 0; /* parse error in dname */
1367 				if(!sldns_buffer_available(buf,
1368 					uncompressed_len))
1369 					/* dname too long for buffer */
1370 					return 0;
1371 				dname_pkt_copy(&pktbuf,
1372 					sldns_buffer_current(buf), rd);
1373 				sldns_buffer_skip(buf, (ssize_t)uncompressed_len);
1374 				compressed_len = sldns_buffer_position(
1375 					&pktbuf) - oldpos;
1376 				rd += compressed_len;
1377 				rdlen -= compressed_len;
1378 				count--;
1379 				len = 0;
1380 				break;
1381 			case LDNS_RDF_TYPE_STR:
1382 				len = rd[0] + 1;
1383 				break;
1384 			default:
1385 				len = get_rdf_size(desc->_wireformat[rdf]);
1386 				break;
1387 			}
1388 			if(len) {
1389 				if(!sldns_buffer_available(buf, len))
1390 					return 0; /* too long for buffer */
1391 				sldns_buffer_write(buf, rd, len);
1392 				rd += len;
1393 				rdlen -= len;
1394 			}
1395 			rdf++;
1396 		}
1397 	}
1398 	/* copy remaining data */
1399 	if(rdlen > 0) {
1400 		if(!sldns_buffer_available(buf, rdlen)) return 0;
1401 		sldns_buffer_write(buf, rd, rdlen);
1402 	}
1403 	/* fixup rdlength */
1404 	sldns_buffer_write_u16_at(buf, rdlenpos,
1405 		sldns_buffer_position(buf)-rdlenpos-2);
1406 	sldns_buffer_flip(buf);
1407 	return 1;
1408 }
1409 
1410 /** insert RR into zone, from packet, decompress RR,
1411  * if duplicate is nonNULL set the flag but otherwise ignore duplicates */
1412 static int
1413 az_insert_rr_decompress(struct auth_zone* z, uint8_t* pkt, size_t pktlen,
1414 	struct sldns_buffer* scratch_buffer, uint8_t* dname, uint16_t rr_type,
1415 	uint16_t rr_class, uint32_t rr_ttl, uint8_t* rr_data,
1416 	uint16_t rr_rdlen, int* duplicate)
1417 {
1418 	uint8_t* rr;
1419 	size_t rr_len;
1420 	size_t dname_len;
1421 	if(!decompress_rr_into_buffer(scratch_buffer, pkt, pktlen, dname,
1422 		rr_type, rr_class, rr_ttl, rr_data, rr_rdlen)) {
1423 		log_err("could not decompress RR");
1424 		return 0;
1425 	}
1426 	rr = sldns_buffer_begin(scratch_buffer);
1427 	rr_len = sldns_buffer_limit(scratch_buffer);
1428 	dname_len = dname_valid(rr, rr_len);
1429 	return az_insert_rr(z, rr, rr_len, dname_len, duplicate);
1430 }
1431 
1432 /** remove RR from zone, from packet, decompress RR,
1433  * if nonexist is nonNULL set the flag but otherwise ignore nonexisting entries*/
1434 static int
1435 az_remove_rr_decompress(struct auth_zone* z, uint8_t* pkt, size_t pktlen,
1436 	struct sldns_buffer* scratch_buffer, uint8_t* dname, uint16_t rr_type,
1437 	uint16_t rr_class, uint32_t rr_ttl, uint8_t* rr_data,
1438 	uint16_t rr_rdlen, int* nonexist)
1439 {
1440 	uint8_t* rr;
1441 	size_t rr_len;
1442 	size_t dname_len;
1443 	if(!decompress_rr_into_buffer(scratch_buffer, pkt, pktlen, dname,
1444 		rr_type, rr_class, rr_ttl, rr_data, rr_rdlen)) {
1445 		log_err("could not decompress RR");
1446 		return 0;
1447 	}
1448 	rr = sldns_buffer_begin(scratch_buffer);
1449 	rr_len = sldns_buffer_limit(scratch_buffer);
1450 	dname_len = dname_valid(rr, rr_len);
1451 	return az_remove_rr(z, rr, rr_len, dname_len, nonexist);
1452 }
1453 
1454 /**
1455  * Parse zonefile
1456  * @param z: zone to read in.
1457  * @param in: file to read from (just opened).
1458  * @param rr: buffer to use for RRs, 64k.
1459  *	passed so that recursive includes can use the same buffer and do
1460  *	not grow the stack too much.
1461  * @param rrbuflen: sizeof rr buffer.
1462  * @param state: parse state with $ORIGIN, $TTL and 'prev-dname' and so on,
1463  *	that is kept between includes.
1464  *	The lineno is set at 1 and then increased by the function.
1465  * @param fname: file name.
1466  * @param depth: recursion depth for includes
1467  * @param cfg: config for chroot.
1468  * returns false on failure, has printed an error message
1469  */
1470 static int
1471 az_parse_file(struct auth_zone* z, FILE* in, uint8_t* rr, size_t rrbuflen,
1472 	struct sldns_file_parse_state* state, char* fname, int depth,
1473 	struct config_file* cfg)
1474 {
1475 	size_t rr_len, dname_len;
1476 	int status;
1477 	state->lineno = 1;
1478 
1479 	while(!feof(in)) {
1480 		rr_len = rrbuflen;
1481 		dname_len = 0;
1482 		status = sldns_fp2wire_rr_buf(in, rr, &rr_len, &dname_len,
1483 			state);
1484 		if(status == LDNS_WIREPARSE_ERR_INCLUDE && rr_len == 0) {
1485 			/* we have $INCLUDE or $something */
1486 			if(strncmp((char*)rr, "$INCLUDE ", 9) == 0 ||
1487 			   strncmp((char*)rr, "$INCLUDE\t", 9) == 0) {
1488 				FILE* inc;
1489 				int lineno_orig = state->lineno;
1490 				char* incfile = (char*)rr + 8;
1491 				if(depth > MAX_INCLUDE_DEPTH) {
1492 					log_err("%s:%d max include depth"
1493 					  "exceeded", fname, state->lineno);
1494 					return 0;
1495 				}
1496 				/* skip spaces */
1497 				while(*incfile == ' ' || *incfile == '\t')
1498 					incfile++;
1499 				/* adjust for chroot on include file */
1500 				if(cfg->chrootdir && cfg->chrootdir[0] &&
1501 					strncmp(incfile, cfg->chrootdir,
1502 						strlen(cfg->chrootdir)) == 0)
1503 					incfile += strlen(cfg->chrootdir);
1504 				incfile = strdup(incfile);
1505 				if(!incfile) {
1506 					log_err("malloc failure");
1507 					return 0;
1508 				}
1509 				verbose(VERB_ALGO, "opening $INCLUDE %s",
1510 					incfile);
1511 				inc = fopen(incfile, "r");
1512 				if(!inc) {
1513 					log_err("%s:%d cannot open include "
1514 						"file %s: %s", fname,
1515 						lineno_orig, incfile,
1516 						strerror(errno));
1517 					free(incfile);
1518 					return 0;
1519 				}
1520 				/* recurse read that file now */
1521 				if(!az_parse_file(z, inc, rr, rrbuflen,
1522 					state, incfile, depth+1, cfg)) {
1523 					log_err("%s:%d cannot parse include "
1524 						"file %s", fname,
1525 						lineno_orig, incfile);
1526 					fclose(inc);
1527 					free(incfile);
1528 					return 0;
1529 				}
1530 				fclose(inc);
1531 				verbose(VERB_ALGO, "done with $INCLUDE %s",
1532 					incfile);
1533 				free(incfile);
1534 				state->lineno = lineno_orig;
1535 			}
1536 			continue;
1537 		}
1538 		if(status != 0) {
1539 			log_err("parse error %s %d:%d: %s", fname,
1540 				state->lineno, LDNS_WIREPARSE_OFFSET(status),
1541 				sldns_get_errorstr_parse(status));
1542 			return 0;
1543 		}
1544 		if(rr_len == 0) {
1545 			/* EMPTY line, TTL or ORIGIN */
1546 			continue;
1547 		}
1548 		/* insert wirerr in rrbuf */
1549 		if(!az_insert_rr(z, rr, rr_len, dname_len, NULL)) {
1550 			char buf[17];
1551 			sldns_wire2str_type_buf(sldns_wirerr_get_type(rr,
1552 				rr_len, dname_len), buf, sizeof(buf));
1553 			log_err("%s:%d cannot insert RR of type %s",
1554 				fname, state->lineno, buf);
1555 			return 0;
1556 		}
1557 	}
1558 	return 1;
1559 }
1560 
1561 int
1562 auth_zone_read_zonefile(struct auth_zone* z, struct config_file* cfg)
1563 {
1564 	uint8_t rr[LDNS_RR_BUF_SIZE];
1565 	struct sldns_file_parse_state state;
1566 	char* zfilename;
1567 	FILE* in;
1568 	if(!z || !z->zonefile || z->zonefile[0]==0)
1569 		return 1; /* no file, or "", nothing to read */
1570 
1571 	zfilename = z->zonefile;
1572 	if(cfg->chrootdir && cfg->chrootdir[0] && strncmp(zfilename,
1573 		cfg->chrootdir, strlen(cfg->chrootdir)) == 0)
1574 		zfilename += strlen(cfg->chrootdir);
1575 	if(verbosity >= VERB_ALGO) {
1576 		char nm[255+1];
1577 		dname_str(z->name, nm);
1578 		verbose(VERB_ALGO, "read zonefile %s for %s", zfilename, nm);
1579 	}
1580 	in = fopen(zfilename, "r");
1581 	if(!in) {
1582 		char* n = sldns_wire2str_dname(z->name, z->namelen);
1583 		if(z->zone_is_slave && errno == ENOENT) {
1584 			/* we fetch the zone contents later, no file yet */
1585 			verbose(VERB_ALGO, "no zonefile %s for %s",
1586 				zfilename, n?n:"error");
1587 			free(n);
1588 			return 1;
1589 		}
1590 		log_err("cannot open zonefile %s for %s: %s",
1591 			zfilename, n?n:"error", strerror(errno));
1592 		free(n);
1593 		return 0;
1594 	}
1595 
1596 	/* clear the data tree */
1597 	traverse_postorder(&z->data, auth_data_del, NULL);
1598 	rbtree_init(&z->data, &auth_data_cmp);
1599 	/* clear the RPZ policies */
1600 	if(z->rpz)
1601 		rpz_clear(z->rpz);
1602 
1603 	memset(&state, 0, sizeof(state));
1604 	/* default TTL to 3600 */
1605 	state.default_ttl = 3600;
1606 	/* set $ORIGIN to the zone name */
1607 	if(z->namelen <= sizeof(state.origin)) {
1608 		memcpy(state.origin, z->name, z->namelen);
1609 		state.origin_len = z->namelen;
1610 	}
1611 	/* parse the (toplevel) file */
1612 	if(!az_parse_file(z, in, rr, sizeof(rr), &state, zfilename, 0, cfg)) {
1613 		char* n = sldns_wire2str_dname(z->name, z->namelen);
1614 		log_err("error parsing zonefile %s for %s",
1615 			zfilename, n?n:"error");
1616 		free(n);
1617 		fclose(in);
1618 		return 0;
1619 	}
1620 	fclose(in);
1621 
1622 	if(z->rpz)
1623 		rpz_finish_config(z->rpz);
1624 	return 1;
1625 }
1626 
1627 /** write buffer to file and check return codes */
1628 static int
1629 write_out(FILE* out, const char* str, size_t len)
1630 {
1631 	size_t r;
1632 	if(len == 0)
1633 		return 1;
1634 	r = fwrite(str, 1, len, out);
1635 	if(r == 0) {
1636 		log_err("write failed: %s", strerror(errno));
1637 		return 0;
1638 	} else if(r < len) {
1639 		log_err("write failed: too short (disk full?)");
1640 		return 0;
1641 	}
1642 	return 1;
1643 }
1644 
1645 /** convert auth rr to string */
1646 static int
1647 auth_rr_to_string(uint8_t* nm, size_t nmlen, uint16_t tp, uint16_t cl,
1648 	struct packed_rrset_data* data, size_t i, char* s, size_t buflen)
1649 {
1650 	int w = 0;
1651 	size_t slen = buflen, datlen;
1652 	uint8_t* dat;
1653 	if(i >= data->count) tp = LDNS_RR_TYPE_RRSIG;
1654 	dat = nm;
1655 	datlen = nmlen;
1656 	w += sldns_wire2str_dname_scan(&dat, &datlen, &s, &slen, NULL, 0, NULL);
1657 	w += sldns_str_print(&s, &slen, "\t");
1658 	w += sldns_str_print(&s, &slen, "%lu\t", (unsigned long)data->rr_ttl[i]);
1659 	w += sldns_wire2str_class_print(&s, &slen, cl);
1660 	w += sldns_str_print(&s, &slen, "\t");
1661 	w += sldns_wire2str_type_print(&s, &slen, tp);
1662 	w += sldns_str_print(&s, &slen, "\t");
1663 	datlen = data->rr_len[i]-2;
1664 	dat = data->rr_data[i]+2;
1665 	w += sldns_wire2str_rdata_scan(&dat, &datlen, &s, &slen, tp, NULL, 0, NULL);
1666 
1667 	if(tp == LDNS_RR_TYPE_DNSKEY) {
1668 		w += sldns_str_print(&s, &slen, " ;{id = %u}",
1669 			sldns_calc_keytag_raw(data->rr_data[i]+2,
1670 				data->rr_len[i]-2));
1671 	}
1672 	w += sldns_str_print(&s, &slen, "\n");
1673 
1674 	if(w >= (int)buflen) {
1675 		log_nametypeclass(NO_VERBOSE, "RR too long to print", nm, tp, cl);
1676 		return 0;
1677 	}
1678 	return 1;
1679 }
1680 
1681 /** write rrset to file */
1682 static int
1683 auth_zone_write_rrset(struct auth_zone* z, struct auth_data* node,
1684 	struct auth_rrset* r, FILE* out)
1685 {
1686 	size_t i, count = r->data->count + r->data->rrsig_count;
1687 	char buf[LDNS_RR_BUF_SIZE];
1688 	for(i=0; i<count; i++) {
1689 		if(!auth_rr_to_string(node->name, node->namelen, r->type,
1690 			z->dclass, r->data, i, buf, sizeof(buf))) {
1691 			verbose(VERB_ALGO, "failed to rr2str rr %d", (int)i);
1692 			continue;
1693 		}
1694 		if(!write_out(out, buf, strlen(buf)))
1695 			return 0;
1696 	}
1697 	return 1;
1698 }
1699 
1700 /** write domain to file */
1701 static int
1702 auth_zone_write_domain(struct auth_zone* z, struct auth_data* n, FILE* out)
1703 {
1704 	struct auth_rrset* r;
1705 	/* if this is zone apex, write SOA first */
1706 	if(z->namelen == n->namelen) {
1707 		struct auth_rrset* soa = az_domain_rrset(n, LDNS_RR_TYPE_SOA);
1708 		if(soa) {
1709 			if(!auth_zone_write_rrset(z, n, soa, out))
1710 				return 0;
1711 		}
1712 	}
1713 	/* write all the RRsets for this domain */
1714 	for(r = n->rrsets; r; r = r->next) {
1715 		if(z->namelen == n->namelen &&
1716 			r->type == LDNS_RR_TYPE_SOA)
1717 			continue; /* skip SOA here */
1718 		if(!auth_zone_write_rrset(z, n, r, out))
1719 			return 0;
1720 	}
1721 	return 1;
1722 }
1723 
1724 int auth_zone_write_file(struct auth_zone* z, const char* fname)
1725 {
1726 	FILE* out;
1727 	struct auth_data* n;
1728 	out = fopen(fname, "w");
1729 	if(!out) {
1730 		log_err("could not open %s: %s", fname, strerror(errno));
1731 		return 0;
1732 	}
1733 	RBTREE_FOR(n, struct auth_data*, &z->data) {
1734 		if(!auth_zone_write_domain(z, n, out)) {
1735 			log_err("could not write domain to %s", fname);
1736 			fclose(out);
1737 			return 0;
1738 		}
1739 	}
1740 	fclose(out);
1741 	return 1;
1742 }
1743 
1744 /** read all auth zones from file (if they have) */
1745 static int
1746 auth_zones_read_zones(struct auth_zones* az, struct config_file* cfg)
1747 {
1748 	struct auth_zone* z;
1749 	lock_rw_wrlock(&az->lock);
1750 	RBTREE_FOR(z, struct auth_zone*, &az->ztree) {
1751 		lock_rw_wrlock(&z->lock);
1752 		if(!auth_zone_read_zonefile(z, cfg)) {
1753 			lock_rw_unlock(&z->lock);
1754 			lock_rw_unlock(&az->lock);
1755 			return 0;
1756 		}
1757 		lock_rw_unlock(&z->lock);
1758 	}
1759 	lock_rw_unlock(&az->lock);
1760 	return 1;
1761 }
1762 
1763 /** find serial number of zone or false if none */
1764 int
1765 auth_zone_get_serial(struct auth_zone* z, uint32_t* serial)
1766 {
1767 	struct auth_data* apex;
1768 	struct auth_rrset* soa;
1769 	struct packed_rrset_data* d;
1770 	apex = az_find_name(z, z->name, z->namelen);
1771 	if(!apex) return 0;
1772 	soa = az_domain_rrset(apex, LDNS_RR_TYPE_SOA);
1773 	if(!soa || soa->data->count==0)
1774 		return 0; /* no RRset or no RRs in rrset */
1775 	if(soa->data->rr_len[0] < 2+4*5) return 0; /* SOA too short */
1776 	d = soa->data;
1777 	*serial = sldns_read_uint32(d->rr_data[0]+(d->rr_len[0]-20));
1778 	return 1;
1779 }
1780 
1781 /** Find auth_zone SOA and populate the values in xfr(soa values). */
1782 static int
1783 xfr_find_soa(struct auth_zone* z, struct auth_xfer* xfr)
1784 {
1785 	struct auth_data* apex;
1786 	struct auth_rrset* soa;
1787 	struct packed_rrset_data* d;
1788 	apex = az_find_name(z, z->name, z->namelen);
1789 	if(!apex) return 0;
1790 	soa = az_domain_rrset(apex, LDNS_RR_TYPE_SOA);
1791 	if(!soa || soa->data->count==0)
1792 		return 0; /* no RRset or no RRs in rrset */
1793 	if(soa->data->rr_len[0] < 2+4*5) return 0; /* SOA too short */
1794 	/* SOA record ends with serial, refresh, retry, expiry, minimum,
1795 	 * as 4 byte fields */
1796 	d = soa->data;
1797 	xfr->have_zone = 1;
1798 	xfr->serial = sldns_read_uint32(d->rr_data[0]+(d->rr_len[0]-20));
1799 	xfr->refresh = sldns_read_uint32(d->rr_data[0]+(d->rr_len[0]-16));
1800 	xfr->retry = sldns_read_uint32(d->rr_data[0]+(d->rr_len[0]-12));
1801 	xfr->expiry = sldns_read_uint32(d->rr_data[0]+(d->rr_len[0]-8));
1802 	/* soa minimum at d->rr_len[0]-4 */
1803 	return 1;
1804 }
1805 
1806 /**
1807  * Setup auth_xfer zone
1808  * This populates the have_zone, soa values, and so on times.
1809  * Doesn't do network traffic yet, can set option flags.
1810  * @param z: locked by caller, and modified for setup
1811  * @param x: locked by caller, and modified.
1812  * @return false on failure.
1813  */
1814 static int
1815 auth_xfer_setup(struct auth_zone* z, struct auth_xfer* x)
1816 {
1817 	/* for a zone without zone transfers, x==NULL, so skip them,
1818 	 * i.e. the zone config is fixed with no masters or urls */
1819 	if(!z || !x) return 1;
1820 	if(!xfr_find_soa(z, x)) {
1821 		return 1;
1822 	}
1823 	/* nothing for probe, nextprobe and transfer tasks */
1824 	return 1;
1825 }
1826 
1827 /**
1828  * Setup all zones
1829  * @param az: auth zones structure
1830  * @return false on failure.
1831  */
1832 static int
1833 auth_zones_setup_zones(struct auth_zones* az)
1834 {
1835 	struct auth_zone* z;
1836 	struct auth_xfer* x;
1837 	lock_rw_wrlock(&az->lock);
1838 	RBTREE_FOR(z, struct auth_zone*, &az->ztree) {
1839 		lock_rw_wrlock(&z->lock);
1840 		x = auth_xfer_find(az, z->name, z->namelen, z->dclass);
1841 		if(x) {
1842 			lock_basic_lock(&x->lock);
1843 		}
1844 		if(!auth_xfer_setup(z, x)) {
1845 			if(x) {
1846 				lock_basic_unlock(&x->lock);
1847 			}
1848 			lock_rw_unlock(&z->lock);
1849 			lock_rw_unlock(&az->lock);
1850 			return 0;
1851 		}
1852 		if(x) {
1853 			lock_basic_unlock(&x->lock);
1854 		}
1855 		lock_rw_unlock(&z->lock);
1856 	}
1857 	lock_rw_unlock(&az->lock);
1858 	return 1;
1859 }
1860 
1861 /** set config items and create zones */
1862 static int
1863 auth_zones_cfg(struct auth_zones* az, struct config_auth* c)
1864 {
1865 	struct auth_zone* z;
1866 	struct auth_xfer* x = NULL;
1867 
1868 	/* create zone */
1869 	if(c->isrpz) {
1870 		/* if the rpz lock is needed, grab it before the other
1871 		 * locks to avoid a lock dependency cycle */
1872 		lock_rw_wrlock(&az->rpz_lock);
1873 	}
1874 	lock_rw_wrlock(&az->lock);
1875 	if(!(z=auth_zones_find_or_add_zone(az, c->name))) {
1876 		lock_rw_unlock(&az->lock);
1877 		if(c->isrpz) {
1878 			lock_rw_unlock(&az->rpz_lock);
1879 		}
1880 		return 0;
1881 	}
1882 	if(c->masters || c->urls) {
1883 		if(!(x=auth_zones_find_or_add_xfer(az, z))) {
1884 			lock_rw_unlock(&az->lock);
1885 			lock_rw_unlock(&z->lock);
1886 			if(c->isrpz) {
1887 				lock_rw_unlock(&az->rpz_lock);
1888 			}
1889 			return 0;
1890 		}
1891 	}
1892 	if(c->for_downstream)
1893 		az->have_downstream = 1;
1894 	lock_rw_unlock(&az->lock);
1895 
1896 	/* set options */
1897 	z->zone_deleted = 0;
1898 	if(!auth_zone_set_zonefile(z, c->zonefile)) {
1899 		if(x) {
1900 			lock_basic_unlock(&x->lock);
1901 		}
1902 		lock_rw_unlock(&z->lock);
1903 		if(c->isrpz) {
1904 			lock_rw_unlock(&az->rpz_lock);
1905 		}
1906 		return 0;
1907 	}
1908 	z->for_downstream = c->for_downstream;
1909 	z->for_upstream = c->for_upstream;
1910 	z->fallback_enabled = c->fallback_enabled;
1911 	if(c->isrpz && !z->rpz){
1912 		if(!(z->rpz = rpz_create(c))){
1913 			fatal_exit("Could not setup RPZ zones");
1914 			return 0;
1915 		}
1916 		lock_protect(&z->lock, &z->rpz->local_zones, sizeof(*z->rpz));
1917 		/* the az->rpz_lock is locked above */
1918 		z->rpz_az_next = az->rpz_first;
1919 		if(az->rpz_first)
1920 			az->rpz_first->rpz_az_prev = z;
1921 		az->rpz_first = z;
1922 	}
1923 	if(c->isrpz) {
1924 		lock_rw_unlock(&az->rpz_lock);
1925 	}
1926 
1927 	/* xfer zone */
1928 	if(x) {
1929 		z->zone_is_slave = 1;
1930 		/* set options on xfer zone */
1931 		if(!xfer_set_masters(&x->task_probe->masters, c, 0)) {
1932 			lock_basic_unlock(&x->lock);
1933 			lock_rw_unlock(&z->lock);
1934 			return 0;
1935 		}
1936 		if(!xfer_set_masters(&x->task_transfer->masters, c, 1)) {
1937 			lock_basic_unlock(&x->lock);
1938 			lock_rw_unlock(&z->lock);
1939 			return 0;
1940 		}
1941 		lock_basic_unlock(&x->lock);
1942 	}
1943 
1944 	lock_rw_unlock(&z->lock);
1945 	return 1;
1946 }
1947 
1948 /** set all auth zones deleted, then in auth_zones_cfg, it marks them
1949  * as nondeleted (if they are still in the config), and then later
1950  * we can find deleted zones */
1951 static void
1952 az_setall_deleted(struct auth_zones* az)
1953 {
1954 	struct auth_zone* z;
1955 	lock_rw_wrlock(&az->lock);
1956 	RBTREE_FOR(z, struct auth_zone*, &az->ztree) {
1957 		lock_rw_wrlock(&z->lock);
1958 		z->zone_deleted = 1;
1959 		lock_rw_unlock(&z->lock);
1960 	}
1961 	lock_rw_unlock(&az->lock);
1962 }
1963 
1964 /** find zones that are marked deleted and delete them.
1965  * This is called from apply_cfg, and there are no threads and no
1966  * workers, so the xfr can just be deleted. */
1967 static void
1968 az_delete_deleted_zones(struct auth_zones* az)
1969 {
1970 	struct auth_zone* z;
1971 	struct auth_zone* delete_list = NULL, *next;
1972 	struct auth_xfer* xfr;
1973 	lock_rw_wrlock(&az->lock);
1974 	RBTREE_FOR(z, struct auth_zone*, &az->ztree) {
1975 		lock_rw_wrlock(&z->lock);
1976 		if(z->zone_deleted) {
1977 			/* we cannot alter the rbtree right now, but
1978 			 * we can put it on a linked list and then
1979 			 * delete it */
1980 			z->delete_next = delete_list;
1981 			delete_list = z;
1982 		}
1983 		lock_rw_unlock(&z->lock);
1984 	}
1985 	/* now we are out of the tree loop and we can loop and delete
1986 	 * the zones */
1987 	z = delete_list;
1988 	while(z) {
1989 		next = z->delete_next;
1990 		xfr = auth_xfer_find(az, z->name, z->namelen, z->dclass);
1991 		if(xfr) {
1992 			(void)rbtree_delete(&az->xtree, &xfr->node);
1993 			auth_xfer_delete(xfr);
1994 		}
1995 		(void)rbtree_delete(&az->ztree, &z->node);
1996 		auth_zone_delete(z, az);
1997 		z = next;
1998 	}
1999 	lock_rw_unlock(&az->lock);
2000 }
2001 
2002 int auth_zones_apply_cfg(struct auth_zones* az, struct config_file* cfg,
2003 	int setup, int* is_rpz)
2004 {
2005 	struct config_auth* p;
2006 	az_setall_deleted(az);
2007 	for(p = cfg->auths; p; p = p->next) {
2008 		if(!p->name || p->name[0] == 0) {
2009 			log_warn("auth-zone without a name, skipped");
2010 			continue;
2011 		}
2012 		*is_rpz = (*is_rpz || p->isrpz);
2013 		if(!auth_zones_cfg(az, p)) {
2014 			log_err("cannot config auth zone %s", p->name);
2015 			return 0;
2016 		}
2017 	}
2018 	az_delete_deleted_zones(az);
2019 	if(!auth_zones_read_zones(az, cfg))
2020 		return 0;
2021 	if(setup) {
2022 		if(!auth_zones_setup_zones(az))
2023 			return 0;
2024 	}
2025 	return 1;
2026 }
2027 
2028 /** delete chunks
2029  * @param at: transfer structure with chunks list.  The chunks and their
2030  * 	data are freed.
2031  */
2032 static void
2033 auth_chunks_delete(struct auth_transfer* at)
2034 {
2035 	if(at->chunks_first) {
2036 		struct auth_chunk* c, *cn;
2037 		c = at->chunks_first;
2038 		while(c) {
2039 			cn = c->next;
2040 			free(c->data);
2041 			free(c);
2042 			c = cn;
2043 		}
2044 	}
2045 	at->chunks_first = NULL;
2046 	at->chunks_last = NULL;
2047 }
2048 
2049 /** free master addr list */
2050 static void
2051 auth_free_master_addrs(struct auth_addr* list)
2052 {
2053 	struct auth_addr *n;
2054 	while(list) {
2055 		n = list->next;
2056 		free(list);
2057 		list = n;
2058 	}
2059 }
2060 
2061 /** free the masters list */
2062 static void
2063 auth_free_masters(struct auth_master* list)
2064 {
2065 	struct auth_master* n;
2066 	while(list) {
2067 		n = list->next;
2068 		auth_free_master_addrs(list->list);
2069 		free(list->host);
2070 		free(list->file);
2071 		free(list);
2072 		list = n;
2073 	}
2074 }
2075 
2076 /** delete auth xfer structure
2077  * @param xfr: delete this xfer and its tasks.
2078  */
2079 static void
2080 auth_xfer_delete(struct auth_xfer* xfr)
2081 {
2082 	if(!xfr) return;
2083 	lock_basic_destroy(&xfr->lock);
2084 	free(xfr->name);
2085 	if(xfr->task_nextprobe) {
2086 		comm_timer_delete(xfr->task_nextprobe->timer);
2087 		free(xfr->task_nextprobe);
2088 	}
2089 	if(xfr->task_probe) {
2090 		auth_free_masters(xfr->task_probe->masters);
2091 		comm_point_delete(xfr->task_probe->cp);
2092 		comm_timer_delete(xfr->task_probe->timer);
2093 		free(xfr->task_probe);
2094 	}
2095 	if(xfr->task_transfer) {
2096 		auth_free_masters(xfr->task_transfer->masters);
2097 		comm_point_delete(xfr->task_transfer->cp);
2098 		comm_timer_delete(xfr->task_transfer->timer);
2099 		if(xfr->task_transfer->chunks_first) {
2100 			auth_chunks_delete(xfr->task_transfer);
2101 		}
2102 		free(xfr->task_transfer);
2103 	}
2104 	auth_free_masters(xfr->allow_notify_list);
2105 	free(xfr);
2106 }
2107 
2108 /** helper traverse to delete zones */
2109 static void
2110 auth_zone_del(rbnode_type* n, void* ATTR_UNUSED(arg))
2111 {
2112 	struct auth_zone* z = (struct auth_zone*)n->key;
2113 	auth_zone_delete(z, NULL);
2114 }
2115 
2116 /** helper traverse to delete xfer zones */
2117 static void
2118 auth_xfer_del(rbnode_type* n, void* ATTR_UNUSED(arg))
2119 {
2120 	struct auth_xfer* z = (struct auth_xfer*)n->key;
2121 	auth_xfer_delete(z);
2122 }
2123 
2124 void auth_zones_delete(struct auth_zones* az)
2125 {
2126 	if(!az) return;
2127 	lock_rw_destroy(&az->lock);
2128 	lock_rw_destroy(&az->rpz_lock);
2129 	traverse_postorder(&az->ztree, auth_zone_del, NULL);
2130 	traverse_postorder(&az->xtree, auth_xfer_del, NULL);
2131 	free(az);
2132 }
2133 
2134 /** true if domain has only nsec3 */
2135 static int
2136 domain_has_only_nsec3(struct auth_data* n)
2137 {
2138 	struct auth_rrset* rrset = n->rrsets;
2139 	int nsec3_seen = 0;
2140 	while(rrset) {
2141 		if(rrset->type == LDNS_RR_TYPE_NSEC3) {
2142 			nsec3_seen = 1;
2143 		} else if(rrset->type != LDNS_RR_TYPE_RRSIG) {
2144 			return 0;
2145 		}
2146 		rrset = rrset->next;
2147 	}
2148 	return nsec3_seen;
2149 }
2150 
2151 /** see if the domain has a wildcard child '*.domain' */
2152 static struct auth_data*
2153 az_find_wildcard_domain(struct auth_zone* z, uint8_t* nm, size_t nmlen)
2154 {
2155 	uint8_t wc[LDNS_MAX_DOMAINLEN];
2156 	if(nmlen+2 > sizeof(wc))
2157 		return NULL; /* result would be too long */
2158 	wc[0] = 1; /* length of wildcard label */
2159 	wc[1] = (uint8_t)'*'; /* wildcard label */
2160 	memmove(wc+2, nm, nmlen);
2161 	return az_find_name(z, wc, nmlen+2);
2162 }
2163 
2164 /** find wildcard between qname and cename */
2165 static struct auth_data*
2166 az_find_wildcard(struct auth_zone* z, struct query_info* qinfo,
2167 	struct auth_data* ce)
2168 {
2169 	uint8_t* nm = qinfo->qname;
2170 	size_t nmlen = qinfo->qname_len;
2171 	struct auth_data* node;
2172 	if(!dname_subdomain_c(nm, z->name))
2173 		return NULL; /* out of zone */
2174 	while((node=az_find_wildcard_domain(z, nm, nmlen))==NULL) {
2175 		/* see if we can go up to find the wildcard */
2176 		if(nmlen == z->namelen)
2177 			return NULL; /* top of zone reached */
2178 		if(ce && nmlen == ce->namelen)
2179 			return NULL; /* ce reached */
2180 		if(dname_is_root(nm))
2181 			return NULL; /* cannot go up */
2182 		dname_remove_label(&nm, &nmlen);
2183 	}
2184 	return node;
2185 }
2186 
2187 /** domain is not exact, find first candidate ce (name that matches
2188  * a part of qname) in tree */
2189 static struct auth_data*
2190 az_find_candidate_ce(struct auth_zone* z, struct query_info* qinfo,
2191 	struct auth_data* n)
2192 {
2193 	uint8_t* nm;
2194 	size_t nmlen;
2195 	if(n) {
2196 		nm = dname_get_shared_topdomain(qinfo->qname, n->name);
2197 	} else {
2198 		nm = qinfo->qname;
2199 	}
2200 	dname_count_size_labels(nm, &nmlen);
2201 	n = az_find_name(z, nm, nmlen);
2202 	/* delete labels and go up on name */
2203 	while(!n) {
2204 		if(dname_is_root(nm))
2205 			return NULL; /* cannot go up */
2206 		dname_remove_label(&nm, &nmlen);
2207 		n = az_find_name(z, nm, nmlen);
2208 	}
2209 	return n;
2210 }
2211 
2212 /** go up the auth tree to next existing name. */
2213 static struct auth_data*
2214 az_domain_go_up(struct auth_zone* z, struct auth_data* n)
2215 {
2216 	uint8_t* nm = n->name;
2217 	size_t nmlen = n->namelen;
2218 	while(!dname_is_root(nm)) {
2219 		dname_remove_label(&nm, &nmlen);
2220 		if((n=az_find_name(z, nm, nmlen)) != NULL)
2221 			return n;
2222 	}
2223 	return NULL;
2224 }
2225 
2226 /** Find the closest encloser, an name that exists and is above the
2227  * qname.
2228  * return true if the node (param node) is existing, nonobscured and
2229  * 	can be used to generate answers from.  It is then also node_exact.
2230  * returns false if the node is not good enough (or it wasn't node_exact)
2231  *	in this case the ce can be filled.
2232  *	if ce is NULL, no ce exists, and likely the zone is completely empty,
2233  *	not even with a zone apex.
2234  *	if ce is nonNULL it is the closest enclosing upper name (that exists
2235  *	itself for answer purposes).  That name may have DNAME, NS or wildcard
2236  *	rrset is the closest DNAME or NS rrset that was found.
2237  */
2238 static int
2239 az_find_ce(struct auth_zone* z, struct query_info* qinfo,
2240 	struct auth_data* node, int node_exact, struct auth_data** ce,
2241 	struct auth_rrset** rrset)
2242 {
2243 	struct auth_data* n = node;
2244 	*ce = NULL;
2245 	*rrset = NULL;
2246 	if(!node_exact) {
2247 		/* if not exact, lookup closest exact match */
2248 		n = az_find_candidate_ce(z, qinfo, n);
2249 	} else {
2250 		/* if exact, the node itself is the first candidate ce */
2251 		*ce = n;
2252 	}
2253 
2254 	/* no direct answer from nsec3-only domains */
2255 	if(n && domain_has_only_nsec3(n)) {
2256 		node_exact = 0;
2257 		*ce = NULL;
2258 	}
2259 
2260 	/* with exact matches, walk up the labels until we find the
2261 	 * delegation, or DNAME or zone end */
2262 	while(n) {
2263 		/* see if the current candidate has issues */
2264 		/* not zone apex and has type NS */
2265 		if(n->namelen != z->namelen &&
2266 			(*rrset=az_domain_rrset(n, LDNS_RR_TYPE_NS)) &&
2267 			/* delegate here, but DS at exact the dp has notype */
2268 			(qinfo->qtype != LDNS_RR_TYPE_DS ||
2269 			n->namelen != qinfo->qname_len)) {
2270 			/* referral */
2271 			/* this is ce and the lowernode is nonexisting */
2272 			*ce = n;
2273 			return 0;
2274 		}
2275 		/* not equal to qname and has type DNAME */
2276 		if(n->namelen != qinfo->qname_len &&
2277 			(*rrset=az_domain_rrset(n, LDNS_RR_TYPE_DNAME))) {
2278 			/* this is ce and the lowernode is nonexisting */
2279 			*ce = n;
2280 			return 0;
2281 		}
2282 
2283 		if(*ce == NULL && !domain_has_only_nsec3(n)) {
2284 			/* if not found yet, this exact name must be
2285 			 * our lowest match (but not nsec3onlydomain) */
2286 			*ce = n;
2287 		}
2288 
2289 		/* walk up the tree by removing labels from name and lookup */
2290 		n = az_domain_go_up(z, n);
2291 	}
2292 	/* found no problems, if it was an exact node, it is fine to use */
2293 	return node_exact;
2294 }
2295 
2296 /** add additional A/AAAA from domain names in rrset rdata (+offset)
2297  * offset is number of bytes in rdata where the dname is located. */
2298 static int
2299 az_add_additionals_from(struct auth_zone* z, struct regional* region,
2300 	struct dns_msg* msg, struct auth_rrset* rrset, size_t offset)
2301 {
2302 	struct packed_rrset_data* d = rrset->data;
2303 	size_t i;
2304 	if(!d) return 0;
2305 	for(i=0; i<d->count; i++) {
2306 		size_t dlen;
2307 		struct auth_data* domain;
2308 		struct auth_rrset* ref;
2309 		if(d->rr_len[i] < 2+offset)
2310 			continue; /* too short */
2311 		if(!(dlen = dname_valid(d->rr_data[i]+2+offset,
2312 			d->rr_len[i]-2-offset)))
2313 			continue; /* malformed */
2314 		domain = az_find_name(z, d->rr_data[i]+2+offset, dlen);
2315 		if(!domain)
2316 			continue;
2317 		if((ref=az_domain_rrset(domain, LDNS_RR_TYPE_A)) != NULL) {
2318 			if(!msg_add_rrset_ar(z, region, msg, domain, ref))
2319 				return 0;
2320 		}
2321 		if((ref=az_domain_rrset(domain, LDNS_RR_TYPE_AAAA)) != NULL) {
2322 			if(!msg_add_rrset_ar(z, region, msg, domain, ref))
2323 				return 0;
2324 		}
2325 	}
2326 	return 1;
2327 }
2328 
2329 /** add negative SOA record (with negative TTL) */
2330 static int
2331 az_add_negative_soa(struct auth_zone* z, struct regional* region,
2332 	struct dns_msg* msg)
2333 {
2334 	uint32_t minimum;
2335 	struct packed_rrset_data* d;
2336 	struct auth_rrset* soa;
2337 	struct auth_data* apex = az_find_name(z, z->name, z->namelen);
2338 	if(!apex) return 0;
2339 	soa = az_domain_rrset(apex, LDNS_RR_TYPE_SOA);
2340 	if(!soa) return 0;
2341 	/* must be first to put in message; we want to fix the TTL with
2342 	 * one RRset here, otherwise we'd need to loop over the RRs to get
2343 	 * the resulting lower TTL */
2344 	log_assert(msg->rep->rrset_count == 0);
2345 	if(!msg_add_rrset_ns(z, region, msg, apex, soa)) return 0;
2346 	/* fixup TTL */
2347 	d = (struct packed_rrset_data*)msg->rep->rrsets[msg->rep->rrset_count-1]->entry.data;
2348 	/* last 4 bytes are minimum ttl in network format */
2349 	if(d->count == 0) return 0;
2350 	if(d->rr_len[0] < 2+4) return 0;
2351 	minimum = sldns_read_uint32(d->rr_data[0]+(d->rr_len[0]-4));
2352 	d->ttl = (time_t)minimum;
2353 	d->rr_ttl[0] = (time_t)minimum;
2354 	msg->rep->ttl = get_rrset_ttl(msg->rep->rrsets[0]);
2355 	msg->rep->prefetch_ttl = PREFETCH_TTL_CALC(msg->rep->ttl);
2356 	msg->rep->serve_expired_ttl = msg->rep->ttl + SERVE_EXPIRED_TTL;
2357 	return 1;
2358 }
2359 
2360 /** See if the query goes to empty nonterminal (that has no auth_data,
2361  * but there are nodes underneath.  We already checked that there are
2362  * not NS, or DNAME above, so that we only need to check if some node
2363  * exists below (with nonempty rr list), return true if emptynonterminal */
2364 static int
2365 az_empty_nonterminal(struct auth_zone* z, struct query_info* qinfo,
2366 	struct auth_data* node)
2367 {
2368 	struct auth_data* next;
2369 	if(!node) {
2370 		/* no smaller was found, use first (smallest) node as the
2371 		 * next one */
2372 		next = (struct auth_data*)rbtree_first(&z->data);
2373 	} else {
2374 		next = (struct auth_data*)rbtree_next(&node->node);
2375 	}
2376 	while(next && (rbnode_type*)next != RBTREE_NULL && next->rrsets == NULL) {
2377 		/* the next name has empty rrsets, is an empty nonterminal
2378 		 * itself, see if there exists something below it */
2379 		next = (struct auth_data*)rbtree_next(&node->node);
2380 	}
2381 	if((rbnode_type*)next == RBTREE_NULL || !next) {
2382 		/* there is no next node, so something below it cannot
2383 		 * exist */
2384 		return 0;
2385 	}
2386 	/* a next node exists, if there was something below the query,
2387 	 * this node has to be it.  See if it is below the query name */
2388 	if(dname_strict_subdomain_c(next->name, qinfo->qname))
2389 		return 1;
2390 	return 0;
2391 }
2392 
2393 /** create synth cname target name in buffer, or fail if too long */
2394 static size_t
2395 synth_cname_buf(uint8_t* qname, size_t qname_len, size_t dname_len,
2396 	uint8_t* dtarg, size_t dtarglen, uint8_t* buf, size_t buflen)
2397 {
2398 	size_t newlen = qname_len + dtarglen - dname_len;
2399 	if(newlen > buflen) {
2400 		/* YXDOMAIN error */
2401 		return 0;
2402 	}
2403 	/* new name is concatenation of qname front (without DNAME owner)
2404 	 * and DNAME target name */
2405 	memcpy(buf, qname, qname_len-dname_len);
2406 	memmove(buf+(qname_len-dname_len), dtarg, dtarglen);
2407 	return newlen;
2408 }
2409 
2410 /** create synthetic CNAME rrset for in a DNAME answer in region,
2411  * false on alloc failure, cname==NULL when name too long. */
2412 static int
2413 create_synth_cname(uint8_t* qname, size_t qname_len, struct regional* region,
2414 	struct auth_data* node, struct auth_rrset* dname, uint16_t dclass,
2415 	struct ub_packed_rrset_key** cname)
2416 {
2417 	uint8_t buf[LDNS_MAX_DOMAINLEN];
2418 	uint8_t* dtarg;
2419 	size_t dtarglen, newlen;
2420 	struct packed_rrset_data* d;
2421 
2422 	/* get DNAME target name */
2423 	if(dname->data->count < 1) return 0;
2424 	if(dname->data->rr_len[0] < 3) return 0; /* at least rdatalen +1 */
2425 	dtarg = dname->data->rr_data[0]+2;
2426 	dtarglen = dname->data->rr_len[0]-2;
2427 	if(sldns_read_uint16(dname->data->rr_data[0]) != dtarglen)
2428 		return 0; /* rdatalen in DNAME rdata is malformed */
2429 	if(dname_valid(dtarg, dtarglen) != dtarglen)
2430 		return 0; /* DNAME RR has malformed rdata */
2431 	if(qname_len == 0)
2432 		return 0; /* too short */
2433 	if(qname_len <= node->namelen)
2434 		return 0; /* qname too short for dname removal */
2435 
2436 	/* synthesize a CNAME */
2437 	newlen = synth_cname_buf(qname, qname_len, node->namelen,
2438 		dtarg, dtarglen, buf, sizeof(buf));
2439 	if(newlen == 0) {
2440 		/* YXDOMAIN error */
2441 		*cname = NULL;
2442 		return 1;
2443 	}
2444 	*cname = (struct ub_packed_rrset_key*)regional_alloc(region,
2445 		sizeof(struct ub_packed_rrset_key));
2446 	if(!*cname)
2447 		return 0; /* out of memory */
2448 	memset(&(*cname)->entry, 0, sizeof((*cname)->entry));
2449 	(*cname)->entry.key = (*cname);
2450 	(*cname)->rk.type = htons(LDNS_RR_TYPE_CNAME);
2451 	(*cname)->rk.rrset_class = htons(dclass);
2452 	(*cname)->rk.flags = 0;
2453 	(*cname)->rk.dname = regional_alloc_init(region, qname, qname_len);
2454 	if(!(*cname)->rk.dname)
2455 		return 0; /* out of memory */
2456 	(*cname)->rk.dname_len = qname_len;
2457 	(*cname)->entry.hash = rrset_key_hash(&(*cname)->rk);
2458 	d = (struct packed_rrset_data*)regional_alloc_zero(region,
2459 		sizeof(struct packed_rrset_data) + sizeof(size_t) +
2460 		sizeof(uint8_t*) + sizeof(time_t) + sizeof(uint16_t)
2461 		+ newlen);
2462 	if(!d)
2463 		return 0; /* out of memory */
2464 	(*cname)->entry.data = d;
2465 	d->ttl = 0; /* 0 for synthesized CNAME TTL */
2466 	d->count = 1;
2467 	d->rrsig_count = 0;
2468 	d->trust = rrset_trust_ans_noAA;
2469 	d->rr_len = (size_t*)((uint8_t*)d +
2470 		sizeof(struct packed_rrset_data));
2471 	d->rr_len[0] = newlen + sizeof(uint16_t);
2472 	packed_rrset_ptr_fixup(d);
2473 	d->rr_ttl[0] = d->ttl;
2474 	sldns_write_uint16(d->rr_data[0], newlen);
2475 	memmove(d->rr_data[0] + sizeof(uint16_t), buf, newlen);
2476 	return 1;
2477 }
2478 
2479 /** add a synthesized CNAME to the answer section */
2480 static int
2481 add_synth_cname(struct auth_zone* z, uint8_t* qname, size_t qname_len,
2482 	struct regional* region, struct dns_msg* msg, struct auth_data* dname,
2483 	struct auth_rrset* rrset)
2484 {
2485 	struct ub_packed_rrset_key* cname;
2486 	/* synthesize a CNAME */
2487 	if(!create_synth_cname(qname, qname_len, region, dname, rrset,
2488 		z->dclass, &cname)) {
2489 		/* out of memory */
2490 		return 0;
2491 	}
2492 	if(!cname) {
2493 		/* cname cannot be create because of YXDOMAIN */
2494 		msg->rep->flags |= LDNS_RCODE_YXDOMAIN;
2495 		return 1;
2496 	}
2497 	/* add cname to message */
2498 	if(!msg_grow_array(region, msg))
2499 		return 0;
2500 	msg->rep->rrsets[msg->rep->rrset_count] = cname;
2501 	msg->rep->rrset_count++;
2502 	msg->rep->an_numrrsets++;
2503 	msg_ttl(msg);
2504 	return 1;
2505 }
2506 
2507 /** Change a dname to a different one, for wildcard namechange */
2508 static void
2509 az_change_dnames(struct dns_msg* msg, uint8_t* oldname, uint8_t* newname,
2510 	size_t newlen, int an_only)
2511 {
2512 	size_t i;
2513 	size_t start = 0, end = msg->rep->rrset_count;
2514 	if(!an_only) start = msg->rep->an_numrrsets;
2515 	if(an_only) end = msg->rep->an_numrrsets;
2516 	for(i=start; i<end; i++) {
2517 		/* allocated in region so we can change the ptrs */
2518 		if(query_dname_compare(msg->rep->rrsets[i]->rk.dname, oldname)
2519 			== 0) {
2520 			msg->rep->rrsets[i]->rk.dname = newname;
2521 			msg->rep->rrsets[i]->rk.dname_len = newlen;
2522 		}
2523 	}
2524 }
2525 
2526 /** find NSEC record covering the query */
2527 static struct auth_rrset*
2528 az_find_nsec_cover(struct auth_zone* z, struct auth_data** node)
2529 {
2530 	uint8_t* nm = (*node)->name;
2531 	size_t nmlen = (*node)->namelen;
2532 	struct auth_rrset* rrset;
2533 	/* find the NSEC for the smallest-or-equal node */
2534 	/* if node == NULL, we did not find a smaller name.  But the zone
2535 	 * name is the smallest name and should have an NSEC. So there is
2536 	 * no NSEC to return (for a properly signed zone) */
2537 	/* for empty nonterminals, the auth-data node should not exist,
2538 	 * and thus we don't need to go rbtree_previous here to find
2539 	 * a domain with an NSEC record */
2540 	/* but there could be glue, and if this is node, then it has no NSEC.
2541 	 * Go up to find nonglue (previous) NSEC-holding nodes */
2542 	while((rrset=az_domain_rrset(*node, LDNS_RR_TYPE_NSEC)) == NULL) {
2543 		if(dname_is_root(nm)) return NULL;
2544 		if(nmlen == z->namelen) return NULL;
2545 		dname_remove_label(&nm, &nmlen);
2546 		/* adjust *node for the nsec rrset to find in */
2547 		*node = az_find_name(z, nm, nmlen);
2548 	}
2549 	return rrset;
2550 }
2551 
2552 /** Find NSEC and add for wildcard denial */
2553 static int
2554 az_nsec_wildcard_denial(struct auth_zone* z, struct regional* region,
2555 	struct dns_msg* msg, uint8_t* cenm, size_t cenmlen)
2556 {
2557 	struct query_info qinfo;
2558 	int node_exact;
2559 	struct auth_data* node;
2560 	struct auth_rrset* nsec;
2561 	uint8_t wc[LDNS_MAX_DOMAINLEN];
2562 	if(cenmlen+2 > sizeof(wc))
2563 		return 0; /* result would be too long */
2564 	wc[0] = 1; /* length of wildcard label */
2565 	wc[1] = (uint8_t)'*'; /* wildcard label */
2566 	memmove(wc+2, cenm, cenmlen);
2567 
2568 	/* we have '*.ce' in wc wildcard name buffer */
2569 	/* get nsec cover for that */
2570 	qinfo.qname = wc;
2571 	qinfo.qname_len = cenmlen+2;
2572 	qinfo.qtype = 0;
2573 	qinfo.qclass = 0;
2574 	az_find_domain(z, &qinfo, &node_exact, &node);
2575 	if((nsec=az_find_nsec_cover(z, &node)) != NULL) {
2576 		if(!msg_add_rrset_ns(z, region, msg, node, nsec)) return 0;
2577 	}
2578 	return 1;
2579 }
2580 
2581 /** Find the NSEC3PARAM rrset (if any) and if true you have the parameters */
2582 static int
2583 az_nsec3_param(struct auth_zone* z, int* algo, size_t* iter, uint8_t** salt,
2584 	size_t* saltlen)
2585 {
2586 	struct auth_data* apex;
2587 	struct auth_rrset* param;
2588 	size_t i;
2589 	apex = az_find_name(z, z->name, z->namelen);
2590 	if(!apex) return 0;
2591 	param = az_domain_rrset(apex, LDNS_RR_TYPE_NSEC3PARAM);
2592 	if(!param || param->data->count==0)
2593 		return 0; /* no RRset or no RRs in rrset */
2594 	/* find out which NSEC3PARAM RR has supported parameters */
2595 	/* skip unknown flags (dynamic signer is recalculating nsec3 chain) */
2596 	for(i=0; i<param->data->count; i++) {
2597 		uint8_t* rdata = param->data->rr_data[i]+2;
2598 		size_t rdatalen = param->data->rr_len[i];
2599 		if(rdatalen < 2+5)
2600 			continue; /* too short */
2601 		if(!nsec3_hash_algo_size_supported((int)(rdata[0])))
2602 			continue; /* unsupported algo */
2603 		if(rdatalen < (size_t)(2+5+(size_t)rdata[4]))
2604 			continue; /* salt missing */
2605 		if((rdata[1]&NSEC3_UNKNOWN_FLAGS)!=0)
2606 			continue; /* unknown flags */
2607 		*algo = (int)(rdata[0]);
2608 		*iter = sldns_read_uint16(rdata+2);
2609 		*saltlen = rdata[4];
2610 		if(*saltlen == 0)
2611 			*salt = NULL;
2612 		else	*salt = rdata+5;
2613 		return 1;
2614 	}
2615 	/* no supported params */
2616 	return 0;
2617 }
2618 
2619 /** Hash a name with nsec3param into buffer, it has zone name appended.
2620  * return length of hash */
2621 static size_t
2622 az_nsec3_hash(uint8_t* buf, size_t buflen, uint8_t* nm, size_t nmlen,
2623 	int algo, size_t iter, uint8_t* salt, size_t saltlen)
2624 {
2625 	size_t hlen = nsec3_hash_algo_size_supported(algo);
2626 	/* buffer has domain name, nsec3hash, and 256 is for max saltlen
2627 	 * (salt has 0-255 length) */
2628 	unsigned char p[LDNS_MAX_DOMAINLEN+1+N3HASHBUFLEN+256];
2629 	size_t i;
2630 	if(nmlen+saltlen > sizeof(p) || hlen+saltlen > sizeof(p))
2631 		return 0;
2632 	if(hlen > buflen)
2633 		return 0; /* somehow too large for destination buffer */
2634 	/* hashfunc(name, salt) */
2635 	memmove(p, nm, nmlen);
2636 	query_dname_tolower(p);
2637 	if(salt && saltlen > 0)
2638 		memmove(p+nmlen, salt, saltlen);
2639 	(void)secalgo_nsec3_hash(algo, p, nmlen+saltlen, (unsigned char*)buf);
2640 	for(i=0; i<iter; i++) {
2641 		/* hashfunc(hash, salt) */
2642 		memmove(p, buf, hlen);
2643 		if(salt && saltlen > 0)
2644 			memmove(p+hlen, salt, saltlen);
2645 		(void)secalgo_nsec3_hash(algo, p, hlen+saltlen,
2646 			(unsigned char*)buf);
2647 	}
2648 	return hlen;
2649 }
2650 
2651 /** Hash name and return b32encoded hashname for lookup, zone name appended */
2652 static int
2653 az_nsec3_hashname(struct auth_zone* z, uint8_t* hashname, size_t* hashnmlen,
2654 	uint8_t* nm, size_t nmlen, int algo, size_t iter, uint8_t* salt,
2655 	size_t saltlen)
2656 {
2657 	uint8_t hash[N3HASHBUFLEN];
2658 	size_t hlen;
2659 	int ret;
2660 	hlen = az_nsec3_hash(hash, sizeof(hash), nm, nmlen, algo, iter,
2661 		salt, saltlen);
2662 	if(!hlen) return 0;
2663 	/* b32 encode */
2664 	if(*hashnmlen < hlen*2+1+z->namelen) /* approx b32 as hexb16 */
2665 		return 0;
2666 	ret = sldns_b32_ntop_extended_hex(hash, hlen, (char*)(hashname+1),
2667 		(*hashnmlen)-1);
2668 	if(ret<1)
2669 		return 0;
2670 	hashname[0] = (uint8_t)ret;
2671 	ret++;
2672 	if((*hashnmlen) - ret < z->namelen)
2673 		return 0;
2674 	memmove(hashname+ret, z->name, z->namelen);
2675 	*hashnmlen = z->namelen+(size_t)ret;
2676 	return 1;
2677 }
2678 
2679 /** Find the datanode that covers the nsec3hash-name */
2680 static struct auth_data*
2681 az_nsec3_findnode(struct auth_zone* z, uint8_t* hashnm, size_t hashnmlen)
2682 {
2683 	struct query_info qinfo;
2684 	struct auth_data* node;
2685 	int node_exact;
2686 	qinfo.qclass = 0;
2687 	qinfo.qtype = 0;
2688 	qinfo.qname = hashnm;
2689 	qinfo.qname_len = hashnmlen;
2690 	/* because canonical ordering and b32 nsec3 ordering are the same.
2691 	 * this is a good lookup to find the nsec3 name. */
2692 	az_find_domain(z, &qinfo, &node_exact, &node);
2693 	/* but we may have to skip non-nsec3 nodes */
2694 	/* this may be a lot, the way to speed that up is to have a
2695 	 * separate nsec3 tree with nsec3 nodes */
2696 	while(node && (rbnode_type*)node != RBTREE_NULL &&
2697 		!az_domain_rrset(node, LDNS_RR_TYPE_NSEC3)) {
2698 		node = (struct auth_data*)rbtree_previous(&node->node);
2699 	}
2700 	if((rbnode_type*)node == RBTREE_NULL)
2701 		node = NULL;
2702 	return node;
2703 }
2704 
2705 /** Find cover for hashed(nm, nmlen) (or NULL) */
2706 static struct auth_data*
2707 az_nsec3_find_cover(struct auth_zone* z, uint8_t* nm, size_t nmlen,
2708 	int algo, size_t iter, uint8_t* salt, size_t saltlen)
2709 {
2710 	struct auth_data* node;
2711 	uint8_t hname[LDNS_MAX_DOMAINLEN];
2712 	size_t hlen = sizeof(hname);
2713 	if(!az_nsec3_hashname(z, hname, &hlen, nm, nmlen, algo, iter,
2714 		salt, saltlen))
2715 		return NULL;
2716 	node = az_nsec3_findnode(z, hname, hlen);
2717 	if(node)
2718 		return node;
2719 	/* we did not find any, perhaps because the NSEC3 hash is before
2720 	 * the first hash, we have to find the 'last hash' in the zone */
2721 	node = (struct auth_data*)rbtree_last(&z->data);
2722 	while(node && (rbnode_type*)node != RBTREE_NULL &&
2723 		!az_domain_rrset(node, LDNS_RR_TYPE_NSEC3)) {
2724 		node = (struct auth_data*)rbtree_previous(&node->node);
2725 	}
2726 	if((rbnode_type*)node == RBTREE_NULL)
2727 		node = NULL;
2728 	return node;
2729 }
2730 
2731 /** Find exact match for hashed(nm, nmlen) NSEC3 record or NULL */
2732 static struct auth_data*
2733 az_nsec3_find_exact(struct auth_zone* z, uint8_t* nm, size_t nmlen,
2734 	int algo, size_t iter, uint8_t* salt, size_t saltlen)
2735 {
2736 	struct auth_data* node;
2737 	uint8_t hname[LDNS_MAX_DOMAINLEN];
2738 	size_t hlen = sizeof(hname);
2739 	if(!az_nsec3_hashname(z, hname, &hlen, nm, nmlen, algo, iter,
2740 		salt, saltlen))
2741 		return NULL;
2742 	node = az_find_name(z, hname, hlen);
2743 	if(az_domain_rrset(node, LDNS_RR_TYPE_NSEC3))
2744 		return node;
2745 	return NULL;
2746 }
2747 
2748 /** Return nextcloser name (as a ref into the qname).  This is one label
2749  * more than the cenm (cename must be a suffix of qname) */
2750 static void
2751 az_nsec3_get_nextcloser(uint8_t* cenm, uint8_t* qname, size_t qname_len,
2752 	uint8_t** nx, size_t* nxlen)
2753 {
2754 	int celabs = dname_count_labels(cenm);
2755 	int qlabs = dname_count_labels(qname);
2756 	int strip = qlabs - celabs -1;
2757 	log_assert(dname_strict_subdomain(qname, qlabs, cenm, celabs));
2758 	*nx = qname;
2759 	*nxlen = qname_len;
2760 	if(strip>0)
2761 		dname_remove_labels(nx, nxlen, strip);
2762 }
2763 
2764 /** Find the closest encloser that has exact NSEC3.
2765  * updated cenm to the new name. If it went up no-exact-ce is true. */
2766 static struct auth_data*
2767 az_nsec3_find_ce(struct auth_zone* z, uint8_t** cenm, size_t* cenmlen,
2768 	int* no_exact_ce, int algo, size_t iter, uint8_t* salt, size_t saltlen)
2769 {
2770 	struct auth_data* node;
2771 	while((node = az_nsec3_find_exact(z, *cenm, *cenmlen,
2772 		algo, iter, salt, saltlen)) == NULL) {
2773 		if(*cenmlen == z->namelen) {
2774 			/* next step up would take us out of the zone. fail */
2775 			return NULL;
2776 		}
2777 		*no_exact_ce = 1;
2778 		dname_remove_label(cenm, cenmlen);
2779 	}
2780 	return node;
2781 }
2782 
2783 /* Insert NSEC3 record in authority section, if NULL does nothing */
2784 static int
2785 az_nsec3_insert(struct auth_zone* z, struct regional* region,
2786 	struct dns_msg* msg, struct auth_data* node)
2787 {
2788 	struct auth_rrset* nsec3;
2789 	if(!node) return 1; /* no node, skip this */
2790 	nsec3 = az_domain_rrset(node, LDNS_RR_TYPE_NSEC3);
2791 	if(!nsec3) return 1; /* if no nsec3 RR, skip it */
2792 	if(!msg_add_rrset_ns(z, region, msg, node, nsec3)) return 0;
2793 	return 1;
2794 }
2795 
2796 /** add NSEC3 records to the zone for the nsec3 proof.
2797  * Specify with the flags with parts of the proof are required.
2798  * the ce is the exact matching name (for notype) but also delegation points.
2799  * qname is the one where the nextcloser name can be derived from.
2800  * If NSEC3 is not properly there (in the zone) nothing is added.
2801  * always enabled: include nsec3 proving about the Closest Encloser.
2802  * 	that is an exact match that should exist for it.
2803  * 	If that does not exist, a higher exact match + nxproof is enabled
2804  * 	(for some sort of opt-out empty nonterminal cases).
2805  * nodataproof: search for exact match and include that instead.
2806  * ceproof: include ce proof NSEC3 (omitted for wildcard replies).
2807  * nxproof: include denial of the qname.
2808  * wcproof: include denial of wildcard (wildcard.ce).
2809  */
2810 static int
2811 az_add_nsec3_proof(struct auth_zone* z, struct regional* region,
2812 	struct dns_msg* msg, uint8_t* cenm, size_t cenmlen, uint8_t* qname,
2813 	size_t qname_len, int nodataproof, int ceproof, int nxproof,
2814 	int wcproof)
2815 {
2816 	int algo;
2817 	size_t iter, saltlen;
2818 	uint8_t* salt;
2819 	int no_exact_ce = 0;
2820 	struct auth_data* node;
2821 
2822 	/* find parameters of nsec3 proof */
2823 	if(!az_nsec3_param(z, &algo, &iter, &salt, &saltlen))
2824 		return 1; /* no nsec3 */
2825 	if(nodataproof) {
2826 		/* see if the node has a hash of itself for the nodata
2827 		 * proof nsec3, this has to be an exact match nsec3. */
2828 		struct auth_data* match;
2829 		match = az_nsec3_find_exact(z, qname, qname_len, algo,
2830 			iter, salt, saltlen);
2831 		if(match) {
2832 			if(!az_nsec3_insert(z, region, msg, match))
2833 				return 0;
2834 			/* only nodata NSEC3 needed, no CE or others. */
2835 			return 1;
2836 		}
2837 	}
2838 	/* find ce that has an NSEC3 */
2839 	if(ceproof) {
2840 		node = az_nsec3_find_ce(z, &cenm, &cenmlen, &no_exact_ce,
2841 			algo, iter, salt, saltlen);
2842 		if(no_exact_ce) nxproof = 1;
2843 		if(!az_nsec3_insert(z, region, msg, node))
2844 			return 0;
2845 	}
2846 
2847 	if(nxproof) {
2848 		uint8_t* nx;
2849 		size_t nxlen;
2850 		/* create nextcloser domain name */
2851 		az_nsec3_get_nextcloser(cenm, qname, qname_len, &nx, &nxlen);
2852 		/* find nsec3 that matches or covers it */
2853 		node = az_nsec3_find_cover(z, nx, nxlen, algo, iter, salt,
2854 			saltlen);
2855 		if(!az_nsec3_insert(z, region, msg, node))
2856 			return 0;
2857 	}
2858 	if(wcproof) {
2859 		/* create wildcard name *.ce */
2860 		uint8_t wc[LDNS_MAX_DOMAINLEN];
2861 		size_t wclen;
2862 		if(cenmlen+2 > sizeof(wc))
2863 			return 0; /* result would be too long */
2864 		wc[0] = 1; /* length of wildcard label */
2865 		wc[1] = (uint8_t)'*'; /* wildcard label */
2866 		memmove(wc+2, cenm, cenmlen);
2867 		wclen = cenmlen+2;
2868 		/* find nsec3 that matches or covers it */
2869 		node = az_nsec3_find_cover(z, wc, wclen, algo, iter, salt,
2870 			saltlen);
2871 		if(!az_nsec3_insert(z, region, msg, node))
2872 			return 0;
2873 	}
2874 	return 1;
2875 }
2876 
2877 /** generate answer for positive answer */
2878 static int
2879 az_generate_positive_answer(struct auth_zone* z, struct regional* region,
2880 	struct dns_msg* msg, struct auth_data* node, struct auth_rrset* rrset)
2881 {
2882 	if(!msg_add_rrset_an(z, region, msg, node, rrset)) return 0;
2883 	/* see if we want additional rrs */
2884 	if(rrset->type == LDNS_RR_TYPE_MX) {
2885 		if(!az_add_additionals_from(z, region, msg, rrset, 2))
2886 			return 0;
2887 	} else if(rrset->type == LDNS_RR_TYPE_SRV) {
2888 		if(!az_add_additionals_from(z, region, msg, rrset, 6))
2889 			return 0;
2890 	} else if(rrset->type == LDNS_RR_TYPE_NS) {
2891 		if(!az_add_additionals_from(z, region, msg, rrset, 0))
2892 			return 0;
2893 	}
2894 	return 1;
2895 }
2896 
2897 /** generate answer for type ANY answer */
2898 static int
2899 az_generate_any_answer(struct auth_zone* z, struct regional* region,
2900 	struct dns_msg* msg, struct auth_data* node)
2901 {
2902 	struct auth_rrset* rrset;
2903 	int added = 0;
2904 	/* add a couple (at least one) RRs */
2905 	if((rrset=az_domain_rrset(node, LDNS_RR_TYPE_SOA)) != NULL) {
2906 		if(!msg_add_rrset_an(z, region, msg, node, rrset)) return 0;
2907 		added++;
2908 	}
2909 	if((rrset=az_domain_rrset(node, LDNS_RR_TYPE_MX)) != NULL) {
2910 		if(!msg_add_rrset_an(z, region, msg, node, rrset)) return 0;
2911 		added++;
2912 	}
2913 	if((rrset=az_domain_rrset(node, LDNS_RR_TYPE_A)) != NULL) {
2914 		if(!msg_add_rrset_an(z, region, msg, node, rrset)) return 0;
2915 		added++;
2916 	}
2917 	if((rrset=az_domain_rrset(node, LDNS_RR_TYPE_AAAA)) != NULL) {
2918 		if(!msg_add_rrset_an(z, region, msg, node, rrset)) return 0;
2919 		added++;
2920 	}
2921 	if(added == 0 && node && node->rrsets) {
2922 		if(!msg_add_rrset_an(z, region, msg, node,
2923 			node->rrsets)) return 0;
2924 	}
2925 	return 1;
2926 }
2927 
2928 /** follow cname chain and add more data to the answer section */
2929 static int
2930 follow_cname_chain(struct auth_zone* z, uint16_t qtype,
2931 	struct regional* region, struct dns_msg* msg,
2932 	struct packed_rrset_data* d)
2933 {
2934 	int maxchain = 0;
2935 	/* see if we can add the target of the CNAME into the answer */
2936 	while(maxchain++ < MAX_CNAME_CHAIN) {
2937 		struct auth_data* node;
2938 		struct auth_rrset* rrset;
2939 		size_t clen;
2940 		/* d has cname rdata */
2941 		if(d->count == 0) break; /* no CNAME */
2942 		if(d->rr_len[0] < 2+1) break; /* too small */
2943 		if((clen=dname_valid(d->rr_data[0]+2, d->rr_len[0]-2))==0)
2944 			break; /* malformed */
2945 		if(!dname_subdomain_c(d->rr_data[0]+2, z->name))
2946 			break; /* target out of zone */
2947 		if((node = az_find_name(z, d->rr_data[0]+2, clen))==NULL)
2948 			break; /* no such target name */
2949 		if((rrset=az_domain_rrset(node, qtype))!=NULL) {
2950 			/* done we found the target */
2951 			if(!msg_add_rrset_an(z, region, msg, node, rrset))
2952 				return 0;
2953 			break;
2954 		}
2955 		if((rrset=az_domain_rrset(node, LDNS_RR_TYPE_CNAME))==NULL)
2956 			break; /* no further CNAME chain, notype */
2957 		if(!msg_add_rrset_an(z, region, msg, node, rrset)) return 0;
2958 		d = rrset->data;
2959 	}
2960 	return 1;
2961 }
2962 
2963 /** generate answer for cname answer */
2964 static int
2965 az_generate_cname_answer(struct auth_zone* z, struct query_info* qinfo,
2966 	struct regional* region, struct dns_msg* msg,
2967 	struct auth_data* node, struct auth_rrset* rrset)
2968 {
2969 	if(!msg_add_rrset_an(z, region, msg, node, rrset)) return 0;
2970 	if(!rrset) return 1;
2971 	if(!follow_cname_chain(z, qinfo->qtype, region, msg, rrset->data))
2972 		return 0;
2973 	return 1;
2974 }
2975 
2976 /** generate answer for notype answer */
2977 static int
2978 az_generate_notype_answer(struct auth_zone* z, struct regional* region,
2979 	struct dns_msg* msg, struct auth_data* node)
2980 {
2981 	struct auth_rrset* rrset;
2982 	if(!az_add_negative_soa(z, region, msg)) return 0;
2983 	/* DNSSEC denial NSEC */
2984 	if((rrset=az_domain_rrset(node, LDNS_RR_TYPE_NSEC))!=NULL) {
2985 		if(!msg_add_rrset_ns(z, region, msg, node, rrset)) return 0;
2986 	} else if(node) {
2987 		/* DNSSEC denial NSEC3 */
2988 		if(!az_add_nsec3_proof(z, region, msg, node->name,
2989 			node->namelen, msg->qinfo.qname,
2990 			msg->qinfo.qname_len, 1, 1, 0, 0))
2991 			return 0;
2992 	}
2993 	return 1;
2994 }
2995 
2996 /** generate answer for referral answer */
2997 static int
2998 az_generate_referral_answer(struct auth_zone* z, struct regional* region,
2999 	struct dns_msg* msg, struct auth_data* ce, struct auth_rrset* rrset)
3000 {
3001 	struct auth_rrset* ds, *nsec;
3002 	/* turn off AA flag, referral is nonAA because it leaves the zone */
3003 	log_assert(ce);
3004 	msg->rep->flags &= ~BIT_AA;
3005 	if(!msg_add_rrset_ns(z, region, msg, ce, rrset)) return 0;
3006 	/* add DS or deny it */
3007 	if((ds=az_domain_rrset(ce, LDNS_RR_TYPE_DS))!=NULL) {
3008 		if(!msg_add_rrset_ns(z, region, msg, ce, ds)) return 0;
3009 	} else {
3010 		/* deny the DS */
3011 		if((nsec=az_domain_rrset(ce, LDNS_RR_TYPE_NSEC))!=NULL) {
3012 			if(!msg_add_rrset_ns(z, region, msg, ce, nsec))
3013 				return 0;
3014 		} else {
3015 			if(!az_add_nsec3_proof(z, region, msg, ce->name,
3016 				ce->namelen, msg->qinfo.qname,
3017 				msg->qinfo.qname_len, 1, 1, 0, 0))
3018 				return 0;
3019 		}
3020 	}
3021 	/* add additional rrs for type NS */
3022 	if(!az_add_additionals_from(z, region, msg, rrset, 0)) return 0;
3023 	return 1;
3024 }
3025 
3026 /** generate answer for DNAME answer */
3027 static int
3028 az_generate_dname_answer(struct auth_zone* z, struct query_info* qinfo,
3029 	struct regional* region, struct dns_msg* msg, struct auth_data* ce,
3030 	struct auth_rrset* rrset)
3031 {
3032 	log_assert(ce);
3033 	/* add the DNAME and then a CNAME */
3034 	if(!msg_add_rrset_an(z, region, msg, ce, rrset)) return 0;
3035 	if(!add_synth_cname(z, qinfo->qname, qinfo->qname_len, region,
3036 		msg, ce, rrset)) return 0;
3037 	if(FLAGS_GET_RCODE(msg->rep->flags) == LDNS_RCODE_YXDOMAIN)
3038 		return 1;
3039 	if(msg->rep->rrset_count == 0 ||
3040 		!msg->rep->rrsets[msg->rep->rrset_count-1])
3041 		return 0;
3042 	if(!follow_cname_chain(z, qinfo->qtype, region, msg,
3043 		(struct packed_rrset_data*)msg->rep->rrsets[
3044 		msg->rep->rrset_count-1]->entry.data))
3045 		return 0;
3046 	return 1;
3047 }
3048 
3049 /** generate answer for wildcard answer */
3050 static int
3051 az_generate_wildcard_answer(struct auth_zone* z, struct query_info* qinfo,
3052 	struct regional* region, struct dns_msg* msg, struct auth_data* ce,
3053 	struct auth_data* wildcard, struct auth_data* node)
3054 {
3055 	struct auth_rrset* rrset, *nsec;
3056 	int insert_ce = 0;
3057 	if((rrset=az_domain_rrset(wildcard, qinfo->qtype)) != NULL) {
3058 		/* wildcard has type, add it */
3059 		if(!msg_add_rrset_an(z, region, msg, wildcard, rrset))
3060 			return 0;
3061 		az_change_dnames(msg, wildcard->name, msg->qinfo.qname,
3062 			msg->qinfo.qname_len, 1);
3063 	} else if((rrset=az_domain_rrset(wildcard, LDNS_RR_TYPE_CNAME))!=NULL) {
3064 		/* wildcard has cname instead, do that */
3065 		if(!msg_add_rrset_an(z, region, msg, wildcard, rrset))
3066 			return 0;
3067 		az_change_dnames(msg, wildcard->name, msg->qinfo.qname,
3068 			msg->qinfo.qname_len, 1);
3069 		if(!follow_cname_chain(z, qinfo->qtype, region, msg,
3070 			rrset->data))
3071 			return 0;
3072 	} else if(qinfo->qtype == LDNS_RR_TYPE_ANY && wildcard->rrsets) {
3073 		/* add ANY rrsets from wildcard node */
3074 		if(!az_generate_any_answer(z, region, msg, wildcard))
3075 			return 0;
3076 		az_change_dnames(msg, wildcard->name, msg->qinfo.qname,
3077 			msg->qinfo.qname_len, 1);
3078 	} else {
3079 		/* wildcard has nodata, notype answer */
3080 		/* call other notype routine for dnssec notype denials */
3081 		if(!az_generate_notype_answer(z, region, msg, wildcard))
3082 			return 0;
3083 		/* because the notype, there is no positive data with an
3084 		 * RRSIG that indicates the wildcard position.  Thus the
3085 		 * wildcard qname denial needs to have a CE nsec3. */
3086 		insert_ce = 1;
3087 	}
3088 
3089 	/* ce and node for dnssec denial of wildcard original name */
3090 	if((nsec=az_find_nsec_cover(z, &node)) != NULL) {
3091 		if(!msg_add_rrset_ns(z, region, msg, node, nsec)) return 0;
3092 	} else if(ce) {
3093 		uint8_t* wildup = wildcard->name;
3094 		size_t wilduplen= wildcard->namelen;
3095 		dname_remove_label(&wildup, &wilduplen);
3096 		if(!az_add_nsec3_proof(z, region, msg, wildup,
3097 			wilduplen, msg->qinfo.qname,
3098 			msg->qinfo.qname_len, 0, insert_ce, 1, 0))
3099 			return 0;
3100 	}
3101 
3102 	/* fixup name of wildcard from *.zone to qname, use already allocated
3103 	 * pointer to msg qname */
3104 	az_change_dnames(msg, wildcard->name, msg->qinfo.qname,
3105 		msg->qinfo.qname_len, 0);
3106 	return 1;
3107 }
3108 
3109 /** generate answer for nxdomain answer */
3110 static int
3111 az_generate_nxdomain_answer(struct auth_zone* z, struct regional* region,
3112 	struct dns_msg* msg, struct auth_data* ce, struct auth_data* node)
3113 {
3114 	struct auth_rrset* nsec;
3115 	msg->rep->flags |= LDNS_RCODE_NXDOMAIN;
3116 	if(!az_add_negative_soa(z, region, msg)) return 0;
3117 	if((nsec=az_find_nsec_cover(z, &node)) != NULL) {
3118 		if(!msg_add_rrset_ns(z, region, msg, node, nsec)) return 0;
3119 		if(ce && !az_nsec_wildcard_denial(z, region, msg, ce->name,
3120 			ce->namelen)) return 0;
3121 	} else if(ce) {
3122 		if(!az_add_nsec3_proof(z, region, msg, ce->name,
3123 			ce->namelen, msg->qinfo.qname,
3124 			msg->qinfo.qname_len, 0, 1, 1, 1))
3125 			return 0;
3126 	}
3127 	return 1;
3128 }
3129 
3130 /** Create answers when an exact match exists for the domain name */
3131 static int
3132 az_generate_answer_with_node(struct auth_zone* z, struct query_info* qinfo,
3133 	struct regional* region, struct dns_msg* msg, struct auth_data* node)
3134 {
3135 	struct auth_rrset* rrset;
3136 	/* positive answer, rrset we are looking for exists */
3137 	if((rrset=az_domain_rrset(node, qinfo->qtype)) != NULL) {
3138 		return az_generate_positive_answer(z, region, msg, node, rrset);
3139 	}
3140 	/* CNAME? */
3141 	if((rrset=az_domain_rrset(node, LDNS_RR_TYPE_CNAME)) != NULL) {
3142 		return az_generate_cname_answer(z, qinfo, region, msg,
3143 			node, rrset);
3144 	}
3145 	/* type ANY ? */
3146 	if(qinfo->qtype == LDNS_RR_TYPE_ANY) {
3147 		return az_generate_any_answer(z, region, msg, node);
3148 	}
3149 	/* NOERROR/NODATA (no such type at domain name) */
3150 	return az_generate_notype_answer(z, region, msg, node);
3151 }
3152 
3153 /** Generate answer without an existing-node that we can use.
3154  * So it'll be a referral, DNAME or nxdomain */
3155 static int
3156 az_generate_answer_nonexistnode(struct auth_zone* z, struct query_info* qinfo,
3157 	struct regional* region, struct dns_msg* msg, struct auth_data* ce,
3158 	struct auth_rrset* rrset, struct auth_data* node)
3159 {
3160 	struct auth_data* wildcard;
3161 
3162 	/* we do not have an exact matching name (that exists) */
3163 	/* see if we have a NS or DNAME in the ce */
3164 	if(ce && rrset && rrset->type == LDNS_RR_TYPE_NS) {
3165 		return az_generate_referral_answer(z, region, msg, ce, rrset);
3166 	}
3167 	if(ce && rrset && rrset->type == LDNS_RR_TYPE_DNAME) {
3168 		return az_generate_dname_answer(z, qinfo, region, msg, ce,
3169 			rrset);
3170 	}
3171 	/* if there is an empty nonterminal, wildcard and nxdomain don't
3172 	 * happen, it is a notype answer */
3173 	if(az_empty_nonterminal(z, qinfo, node)) {
3174 		return az_generate_notype_answer(z, region, msg, node);
3175 	}
3176 	/* see if we have a wildcard under the ce */
3177 	if((wildcard=az_find_wildcard(z, qinfo, ce)) != NULL) {
3178 		return az_generate_wildcard_answer(z, qinfo, region, msg,
3179 			ce, wildcard, node);
3180 	}
3181 	/* generate nxdomain answer */
3182 	return az_generate_nxdomain_answer(z, region, msg, ce, node);
3183 }
3184 
3185 /** Lookup answer in a zone. */
3186 static int
3187 auth_zone_generate_answer(struct auth_zone* z, struct query_info* qinfo,
3188 	struct regional* region, struct dns_msg** msg, int* fallback)
3189 {
3190 	struct auth_data* node, *ce;
3191 	struct auth_rrset* rrset;
3192 	int node_exact, node_exists;
3193 	/* does the zone want fallback in case of failure? */
3194 	*fallback = z->fallback_enabled;
3195 	if(!(*msg=msg_create(region, qinfo))) return 0;
3196 
3197 	/* lookup if there is a matching domain name for the query */
3198 	az_find_domain(z, qinfo, &node_exact, &node);
3199 
3200 	/* see if node exists for generating answers from (i.e. not glue and
3201 	 * obscured by NS or DNAME or NSEC3-only), and also return the
3202 	 * closest-encloser from that, closest node that should be used
3203 	 * to generate answers from that is above the query */
3204 	node_exists = az_find_ce(z, qinfo, node, node_exact, &ce, &rrset);
3205 
3206 	if(verbosity >= VERB_ALGO) {
3207 		char zname[256], qname[256], nname[256], cename[256],
3208 			tpstr[32], rrstr[32];
3209 		sldns_wire2str_dname_buf(qinfo->qname, qinfo->qname_len, qname,
3210 			sizeof(qname));
3211 		sldns_wire2str_type_buf(qinfo->qtype, tpstr, sizeof(tpstr));
3212 		sldns_wire2str_dname_buf(z->name, z->namelen, zname,
3213 			sizeof(zname));
3214 		if(node)
3215 			sldns_wire2str_dname_buf(node->name, node->namelen,
3216 				nname, sizeof(nname));
3217 		else	snprintf(nname, sizeof(nname), "NULL");
3218 		if(ce)
3219 			sldns_wire2str_dname_buf(ce->name, ce->namelen,
3220 				cename, sizeof(cename));
3221 		else	snprintf(cename, sizeof(cename), "NULL");
3222 		if(rrset) sldns_wire2str_type_buf(rrset->type, rrstr,
3223 			sizeof(rrstr));
3224 		else	snprintf(rrstr, sizeof(rrstr), "NULL");
3225 		log_info("auth_zone %s query %s %s, domain %s %s %s, "
3226 			"ce %s, rrset %s", zname, qname, tpstr, nname,
3227 			(node_exact?"exact":"notexact"),
3228 			(node_exists?"exist":"notexist"), cename, rrstr);
3229 	}
3230 
3231 	if(node_exists) {
3232 		/* the node is fine, generate answer from node */
3233 		return az_generate_answer_with_node(z, qinfo, region, *msg,
3234 			node);
3235 	}
3236 	return az_generate_answer_nonexistnode(z, qinfo, region, *msg,
3237 		ce, rrset, node);
3238 }
3239 
3240 int auth_zones_lookup(struct auth_zones* az, struct query_info* qinfo,
3241 	struct regional* region, struct dns_msg** msg, int* fallback,
3242 	uint8_t* dp_nm, size_t dp_nmlen)
3243 {
3244 	int r;
3245 	struct auth_zone* z;
3246 	/* find the zone that should contain the answer. */
3247 	lock_rw_rdlock(&az->lock);
3248 	z = auth_zone_find(az, dp_nm, dp_nmlen, qinfo->qclass);
3249 	if(!z) {
3250 		lock_rw_unlock(&az->lock);
3251 		/* no auth zone, fallback to internet */
3252 		*fallback = 1;
3253 		return 0;
3254 	}
3255 	lock_rw_rdlock(&z->lock);
3256 	lock_rw_unlock(&az->lock);
3257 
3258 	/* if not for upstream queries, fallback */
3259 	if(!z->for_upstream) {
3260 		lock_rw_unlock(&z->lock);
3261 		*fallback = 1;
3262 		return 0;
3263 	}
3264 	if(z->zone_expired) {
3265 		*fallback = z->fallback_enabled;
3266 		lock_rw_unlock(&z->lock);
3267 		return 0;
3268 	}
3269 	/* see what answer that zone would generate */
3270 	r = auth_zone_generate_answer(z, qinfo, region, msg, fallback);
3271 	lock_rw_unlock(&z->lock);
3272 	return r;
3273 }
3274 
3275 /** encode auth answer */
3276 static void
3277 auth_answer_encode(struct query_info* qinfo, struct module_env* env,
3278 	struct edns_data* edns, struct comm_reply* repinfo, sldns_buffer* buf,
3279 	struct regional* temp, struct dns_msg* msg)
3280 {
3281 	uint16_t udpsize;
3282 	udpsize = edns->udp_size;
3283 	edns->edns_version = EDNS_ADVERTISED_VERSION;
3284 	edns->udp_size = EDNS_ADVERTISED_SIZE;
3285 	edns->ext_rcode = 0;
3286 	edns->bits &= EDNS_DO;
3287 
3288 	if(!inplace_cb_reply_local_call(env, qinfo, NULL, msg->rep,
3289 		(int)FLAGS_GET_RCODE(msg->rep->flags), edns, repinfo, temp)
3290 		|| !reply_info_answer_encode(qinfo, msg->rep,
3291 		*(uint16_t*)sldns_buffer_begin(buf),
3292 		sldns_buffer_read_u16_at(buf, 2),
3293 		buf, 0, 0, temp, udpsize, edns,
3294 		(int)(edns->bits&EDNS_DO), 0)) {
3295 		error_encode(buf, (LDNS_RCODE_SERVFAIL|BIT_AA), qinfo,
3296 			*(uint16_t*)sldns_buffer_begin(buf),
3297 			sldns_buffer_read_u16_at(buf, 2), edns);
3298 	}
3299 }
3300 
3301 /** encode auth error answer */
3302 static void
3303 auth_error_encode(struct query_info* qinfo, struct module_env* env,
3304 	struct edns_data* edns, struct comm_reply* repinfo, sldns_buffer* buf,
3305 	struct regional* temp, int rcode)
3306 {
3307 	edns->edns_version = EDNS_ADVERTISED_VERSION;
3308 	edns->udp_size = EDNS_ADVERTISED_SIZE;
3309 	edns->ext_rcode = 0;
3310 	edns->bits &= EDNS_DO;
3311 
3312 	if(!inplace_cb_reply_local_call(env, qinfo, NULL, NULL,
3313 		rcode, edns, repinfo, temp))
3314 		edns->opt_list = NULL;
3315 	error_encode(buf, rcode|BIT_AA, qinfo,
3316 		*(uint16_t*)sldns_buffer_begin(buf),
3317 		sldns_buffer_read_u16_at(buf, 2), edns);
3318 }
3319 
3320 int auth_zones_answer(struct auth_zones* az, struct module_env* env,
3321 	struct query_info* qinfo, struct edns_data* edns,
3322 	struct comm_reply* repinfo, struct sldns_buffer* buf, struct regional* temp)
3323 {
3324 	struct dns_msg* msg = NULL;
3325 	struct auth_zone* z;
3326 	int r;
3327 	int fallback = 0;
3328 
3329 	lock_rw_rdlock(&az->lock);
3330 	if(!az->have_downstream) {
3331 		/* no downstream auth zones */
3332 		lock_rw_unlock(&az->lock);
3333 		return 0;
3334 	}
3335 	if(qinfo->qtype == LDNS_RR_TYPE_DS) {
3336 		uint8_t* delname = qinfo->qname;
3337 		size_t delnamelen = qinfo->qname_len;
3338 		dname_remove_label(&delname, &delnamelen);
3339 		z = auth_zones_find_zone(az, delname, delnamelen,
3340 			qinfo->qclass);
3341 	} else {
3342 		z = auth_zones_find_zone(az, qinfo->qname, qinfo->qname_len,
3343 			qinfo->qclass);
3344 	}
3345 	if(!z) {
3346 		/* no zone above it */
3347 		lock_rw_unlock(&az->lock);
3348 		return 0;
3349 	}
3350 	lock_rw_rdlock(&z->lock);
3351 	lock_rw_unlock(&az->lock);
3352 	if(!z->for_downstream) {
3353 		lock_rw_unlock(&z->lock);
3354 		return 0;
3355 	}
3356 	if(z->zone_expired) {
3357 		if(z->fallback_enabled) {
3358 			lock_rw_unlock(&z->lock);
3359 			return 0;
3360 		}
3361 		lock_rw_unlock(&z->lock);
3362 		lock_rw_wrlock(&az->lock);
3363 		az->num_query_down++;
3364 		lock_rw_unlock(&az->lock);
3365 		auth_error_encode(qinfo, env, edns, repinfo, buf, temp,
3366 			LDNS_RCODE_SERVFAIL);
3367 		return 1;
3368 	}
3369 
3370 	/* answer it from zone z */
3371 	r = auth_zone_generate_answer(z, qinfo, temp, &msg, &fallback);
3372 	lock_rw_unlock(&z->lock);
3373 	if(!r && fallback) {
3374 		/* fallback to regular answering (recursive) */
3375 		return 0;
3376 	}
3377 	lock_rw_wrlock(&az->lock);
3378 	az->num_query_down++;
3379 	lock_rw_unlock(&az->lock);
3380 
3381 	/* encode answer */
3382 	if(!r)
3383 		auth_error_encode(qinfo, env, edns, repinfo, buf, temp,
3384 			LDNS_RCODE_SERVFAIL);
3385 	else	auth_answer_encode(qinfo, env, edns, repinfo, buf, temp, msg);
3386 
3387 	return 1;
3388 }
3389 
3390 int auth_zones_can_fallback(struct auth_zones* az, uint8_t* nm, size_t nmlen,
3391 	uint16_t dclass)
3392 {
3393 	int r;
3394 	struct auth_zone* z;
3395 	lock_rw_rdlock(&az->lock);
3396 	z = auth_zone_find(az, nm, nmlen, dclass);
3397 	if(!z) {
3398 		lock_rw_unlock(&az->lock);
3399 		/* no such auth zone, fallback */
3400 		return 1;
3401 	}
3402 	lock_rw_rdlock(&z->lock);
3403 	lock_rw_unlock(&az->lock);
3404 	r = z->fallback_enabled || (!z->for_upstream);
3405 	lock_rw_unlock(&z->lock);
3406 	return r;
3407 }
3408 
3409 int
3410 auth_zone_parse_notify_serial(sldns_buffer* pkt, uint32_t *serial)
3411 {
3412 	struct query_info q;
3413 	uint16_t rdlen;
3414 	memset(&q, 0, sizeof(q));
3415 	sldns_buffer_set_position(pkt, 0);
3416 	if(!query_info_parse(&q, pkt)) return 0;
3417 	if(LDNS_ANCOUNT(sldns_buffer_begin(pkt)) == 0) return 0;
3418 	/* skip name of RR in answer section */
3419 	if(sldns_buffer_remaining(pkt) < 1) return 0;
3420 	if(pkt_dname_len(pkt) == 0) return 0;
3421 	/* check type */
3422 	if(sldns_buffer_remaining(pkt) < 10 /* type,class,ttl,rdatalen*/)
3423 		return 0;
3424 	if(sldns_buffer_read_u16(pkt) != LDNS_RR_TYPE_SOA) return 0;
3425 	sldns_buffer_skip(pkt, 2); /* class */
3426 	sldns_buffer_skip(pkt, 4); /* ttl */
3427 	rdlen = sldns_buffer_read_u16(pkt); /* rdatalen */
3428 	if(sldns_buffer_remaining(pkt) < rdlen) return 0;
3429 	if(rdlen < 22) return 0; /* bad soa length */
3430 	sldns_buffer_skip(pkt, (ssize_t)(rdlen-20));
3431 	*serial = sldns_buffer_read_u32(pkt);
3432 	/* return true when has serial in answer section */
3433 	return 1;
3434 }
3435 
3436 /** see if addr appears in the list */
3437 static int
3438 addr_in_list(struct auth_addr* list, struct sockaddr_storage* addr,
3439 	socklen_t addrlen)
3440 {
3441 	struct auth_addr* p;
3442 	for(p=list; p; p=p->next) {
3443 		if(sockaddr_cmp_addr(addr, addrlen, &p->addr, p->addrlen)==0)
3444 			return 1;
3445 	}
3446 	return 0;
3447 }
3448 
3449 /** check if an address matches a master specification (or one of its
3450  * addresses in the addr list) */
3451 static int
3452 addr_matches_master(struct auth_master* master, struct sockaddr_storage* addr,
3453 	socklen_t addrlen, struct auth_master** fromhost)
3454 {
3455 	struct sockaddr_storage a;
3456 	socklen_t alen = 0;
3457 	int net = 0;
3458 	if(addr_in_list(master->list, addr, addrlen)) {
3459 		*fromhost = master;
3460 		return 1;
3461 	}
3462 	/* compare address (but not port number, that is the destination
3463 	 * port of the master, the port number of the received notify is
3464 	 * allowed to by any port on that master) */
3465 	if(extstrtoaddr(master->host, &a, &alen) &&
3466 		sockaddr_cmp_addr(addr, addrlen, &a, alen)==0) {
3467 		*fromhost = master;
3468 		return 1;
3469 	}
3470 	/* prefixes, addr/len, like 10.0.0.0/8 */
3471 	/* not http and has a / and there is one / */
3472 	if(master->allow_notify && !master->http &&
3473 		strchr(master->host, '/') != NULL &&
3474 		strchr(master->host, '/') == strrchr(master->host, '/') &&
3475 		netblockstrtoaddr(master->host, UNBOUND_DNS_PORT, &a, &alen,
3476 		&net) && alen == addrlen) {
3477 		if(addr_in_common(addr, (addr_is_ip6(addr, addrlen)?128:32),
3478 			&a, net, alen) >= net) {
3479 			*fromhost = NULL; /* prefix does not have destination
3480 				to send the probe or transfer with */
3481 			return 1; /* matches the netblock */
3482 		}
3483 	}
3484 	return 0;
3485 }
3486 
3487 /** check access list for notifies */
3488 static int
3489 az_xfr_allowed_notify(struct auth_xfer* xfr, struct sockaddr_storage* addr,
3490 	socklen_t addrlen, struct auth_master** fromhost)
3491 {
3492 	struct auth_master* p;
3493 	for(p=xfr->allow_notify_list; p; p=p->next) {
3494 		if(addr_matches_master(p, addr, addrlen, fromhost)) {
3495 			return 1;
3496 		}
3497 	}
3498 	return 0;
3499 }
3500 
3501 /** see if the serial means the zone has to be updated, i.e. the serial
3502  * is newer than the zone serial, or we have no zone */
3503 static int
3504 xfr_serial_means_update(struct auth_xfer* xfr, uint32_t serial)
3505 {
3506 	if(!xfr->have_zone)
3507 		return 1; /* no zone, anything is better */
3508 	if(xfr->zone_expired)
3509 		return 1; /* expired, the sent serial is better than expired
3510 			data */
3511 	if(compare_serial(xfr->serial, serial) < 0)
3512 		return 1; /* our serial is smaller than the sent serial,
3513 			the data is newer, fetch it */
3514 	return 0;
3515 }
3516 
3517 /** note notify serial, updates the notify information in the xfr struct */
3518 static void
3519 xfr_note_notify_serial(struct auth_xfer* xfr, int has_serial, uint32_t serial)
3520 {
3521 	if(xfr->notify_received && xfr->notify_has_serial && has_serial) {
3522 		/* see if this serial is newer */
3523 		if(compare_serial(xfr->notify_serial, serial) < 0)
3524 			xfr->notify_serial = serial;
3525 	} else if(xfr->notify_received && xfr->notify_has_serial &&
3526 		!has_serial) {
3527 		/* remove serial, we have notify without serial */
3528 		xfr->notify_has_serial = 0;
3529 		xfr->notify_serial = 0;
3530 	} else if(xfr->notify_received && !xfr->notify_has_serial) {
3531 		/* we already have notify without serial, keep it
3532 		 * that way; no serial check when current operation
3533 		 * is done */
3534 	} else {
3535 		xfr->notify_received = 1;
3536 		xfr->notify_has_serial = has_serial;
3537 		xfr->notify_serial = serial;
3538 	}
3539 }
3540 
3541 /** process a notify serial, start new probe or note serial. xfr is locked */
3542 static void
3543 xfr_process_notify(struct auth_xfer* xfr, struct module_env* env,
3544 	int has_serial, uint32_t serial, struct auth_master* fromhost)
3545 {
3546 	/* if the serial of notify is older than we have, don't fetch
3547 	 * a zone, we already have it */
3548 	if(has_serial && !xfr_serial_means_update(xfr, serial)) {
3549 		lock_basic_unlock(&xfr->lock);
3550 		return;
3551 	}
3552 	/* start new probe with this addr src, or note serial */
3553 	if(!xfr_start_probe(xfr, env, fromhost)) {
3554 		/* not started because already in progress, note the serial */
3555 		xfr_note_notify_serial(xfr, has_serial, serial);
3556 		lock_basic_unlock(&xfr->lock);
3557 	}
3558 	/* successful end of start_probe unlocked xfr->lock */
3559 }
3560 
3561 int auth_zones_notify(struct auth_zones* az, struct module_env* env,
3562 	uint8_t* nm, size_t nmlen, uint16_t dclass,
3563 	struct sockaddr_storage* addr, socklen_t addrlen, int has_serial,
3564 	uint32_t serial, int* refused)
3565 {
3566 	struct auth_xfer* xfr;
3567 	struct auth_master* fromhost = NULL;
3568 	/* see which zone this is */
3569 	lock_rw_rdlock(&az->lock);
3570 	xfr = auth_xfer_find(az, nm, nmlen, dclass);
3571 	if(!xfr) {
3572 		lock_rw_unlock(&az->lock);
3573 		/* no such zone, refuse the notify */
3574 		*refused = 1;
3575 		return 0;
3576 	}
3577 	lock_basic_lock(&xfr->lock);
3578 	lock_rw_unlock(&az->lock);
3579 
3580 	/* check access list for notifies */
3581 	if(!az_xfr_allowed_notify(xfr, addr, addrlen, &fromhost)) {
3582 		lock_basic_unlock(&xfr->lock);
3583 		/* notify not allowed, refuse the notify */
3584 		*refused = 1;
3585 		return 0;
3586 	}
3587 
3588 	/* process the notify */
3589 	xfr_process_notify(xfr, env, has_serial, serial, fromhost);
3590 	return 1;
3591 }
3592 
3593 int auth_zones_startprobesequence(struct auth_zones* az,
3594 	struct module_env* env, uint8_t* nm, size_t nmlen, uint16_t dclass)
3595 {
3596 	struct auth_xfer* xfr;
3597 	lock_rw_rdlock(&az->lock);
3598 	xfr = auth_xfer_find(az, nm, nmlen, dclass);
3599 	if(!xfr) {
3600 		lock_rw_unlock(&az->lock);
3601 		return 0;
3602 	}
3603 	lock_basic_lock(&xfr->lock);
3604 	lock_rw_unlock(&az->lock);
3605 
3606 	xfr_process_notify(xfr, env, 0, 0, NULL);
3607 	return 1;
3608 }
3609 
3610 /** set a zone expired */
3611 static void
3612 auth_xfer_set_expired(struct auth_xfer* xfr, struct module_env* env,
3613 	int expired)
3614 {
3615 	struct auth_zone* z;
3616 
3617 	/* expire xfr */
3618 	lock_basic_lock(&xfr->lock);
3619 	xfr->zone_expired = expired;
3620 	lock_basic_unlock(&xfr->lock);
3621 
3622 	/* find auth_zone */
3623 	lock_rw_rdlock(&env->auth_zones->lock);
3624 	z = auth_zone_find(env->auth_zones, xfr->name, xfr->namelen,
3625 		xfr->dclass);
3626 	if(!z) {
3627 		lock_rw_unlock(&env->auth_zones->lock);
3628 		return;
3629 	}
3630 	lock_rw_wrlock(&z->lock);
3631 	lock_rw_unlock(&env->auth_zones->lock);
3632 
3633 	/* expire auth_zone */
3634 	z->zone_expired = expired;
3635 	lock_rw_unlock(&z->lock);
3636 }
3637 
3638 /** find master (from notify or probe) in list of masters */
3639 static struct auth_master*
3640 find_master_by_host(struct auth_master* list, char* host)
3641 {
3642 	struct auth_master* p;
3643 	for(p=list; p; p=p->next) {
3644 		if(strcmp(p->host, host) == 0)
3645 			return p;
3646 	}
3647 	return NULL;
3648 }
3649 
3650 /** delete the looked up auth_addrs for all the masters in the list */
3651 static void
3652 xfr_masterlist_free_addrs(struct auth_master* list)
3653 {
3654 	struct auth_master* m;
3655 	for(m=list; m; m=m->next) {
3656 		if(m->list) {
3657 			auth_free_master_addrs(m->list);
3658 			m->list = NULL;
3659 		}
3660 	}
3661 }
3662 
3663 /** copy a list of auth_addrs */
3664 static struct auth_addr*
3665 auth_addr_list_copy(struct auth_addr* source)
3666 {
3667 	struct auth_addr* list = NULL, *last = NULL;
3668 	struct auth_addr* p;
3669 	for(p=source; p; p=p->next) {
3670 		struct auth_addr* a = (struct auth_addr*)memdup(p, sizeof(*p));
3671 		if(!a) {
3672 			log_err("malloc failure");
3673 			auth_free_master_addrs(list);
3674 			return NULL;
3675 		}
3676 		a->next = NULL;
3677 		if(last) last->next = a;
3678 		if(!list) list = a;
3679 		last = a;
3680 	}
3681 	return list;
3682 }
3683 
3684 /** copy a master to a new structure, NULL on alloc failure */
3685 static struct auth_master*
3686 auth_master_copy(struct auth_master* o)
3687 {
3688 	struct auth_master* m;
3689 	if(!o) return NULL;
3690 	m = (struct auth_master*)memdup(o, sizeof(*o));
3691 	if(!m) {
3692 		log_err("malloc failure");
3693 		return NULL;
3694 	}
3695 	m->next = NULL;
3696 	if(m->host) {
3697 		m->host = strdup(m->host);
3698 		if(!m->host) {
3699 			free(m);
3700 			log_err("malloc failure");
3701 			return NULL;
3702 		}
3703 	}
3704 	if(m->file) {
3705 		m->file = strdup(m->file);
3706 		if(!m->file) {
3707 			free(m->host);
3708 			free(m);
3709 			log_err("malloc failure");
3710 			return NULL;
3711 		}
3712 	}
3713 	if(m->list) {
3714 		m->list = auth_addr_list_copy(m->list);
3715 		if(!m->list) {
3716 			free(m->file);
3717 			free(m->host);
3718 			free(m);
3719 			return NULL;
3720 		}
3721 	}
3722 	return m;
3723 }
3724 
3725 /** copy the master addresses from the task_probe lookups to the allow_notify
3726  * list of masters */
3727 static void
3728 probe_copy_masters_for_allow_notify(struct auth_xfer* xfr)
3729 {
3730 	struct auth_master* list = NULL, *last = NULL;
3731 	struct auth_master* p;
3732 	/* build up new list with copies */
3733 	for(p = xfr->task_probe->masters; p; p=p->next) {
3734 		struct auth_master* m = auth_master_copy(p);
3735 		if(!m) {
3736 			auth_free_masters(list);
3737 			/* failed because of malloc failure, use old list */
3738 			return;
3739 		}
3740 		m->next = NULL;
3741 		if(last) last->next = m;
3742 		if(!list) list = m;
3743 		last = m;
3744 	}
3745 	/* success, replace list */
3746 	auth_free_masters(xfr->allow_notify_list);
3747 	xfr->allow_notify_list = list;
3748 }
3749 
3750 /** start the lookups for task_transfer */
3751 static void
3752 xfr_transfer_start_lookups(struct auth_xfer* xfr)
3753 {
3754 	/* delete all the looked up addresses in the list */
3755 	xfr->task_transfer->scan_addr = NULL;
3756 	xfr_masterlist_free_addrs(xfr->task_transfer->masters);
3757 
3758 	/* start lookup at the first master */
3759 	xfr->task_transfer->lookup_target = xfr->task_transfer->masters;
3760 	xfr->task_transfer->lookup_aaaa = 0;
3761 }
3762 
3763 /** move to the next lookup of hostname for task_transfer */
3764 static void
3765 xfr_transfer_move_to_next_lookup(struct auth_xfer* xfr, struct module_env* env)
3766 {
3767 	if(!xfr->task_transfer->lookup_target)
3768 		return; /* already at end of list */
3769 	if(!xfr->task_transfer->lookup_aaaa && env->cfg->do_ip6) {
3770 		/* move to lookup AAAA */
3771 		xfr->task_transfer->lookup_aaaa = 1;
3772 		return;
3773 	}
3774 	xfr->task_transfer->lookup_target =
3775 		xfr->task_transfer->lookup_target->next;
3776 	xfr->task_transfer->lookup_aaaa = 0;
3777 	if(!env->cfg->do_ip4 && xfr->task_transfer->lookup_target!=NULL)
3778 		xfr->task_transfer->lookup_aaaa = 1;
3779 }
3780 
3781 /** start the lookups for task_probe */
3782 static void
3783 xfr_probe_start_lookups(struct auth_xfer* xfr)
3784 {
3785 	/* delete all the looked up addresses in the list */
3786 	xfr->task_probe->scan_addr = NULL;
3787 	xfr_masterlist_free_addrs(xfr->task_probe->masters);
3788 
3789 	/* start lookup at the first master */
3790 	xfr->task_probe->lookup_target = xfr->task_probe->masters;
3791 	xfr->task_probe->lookup_aaaa = 0;
3792 }
3793 
3794 /** move to the next lookup of hostname for task_probe */
3795 static void
3796 xfr_probe_move_to_next_lookup(struct auth_xfer* xfr, struct module_env* env)
3797 {
3798 	if(!xfr->task_probe->lookup_target)
3799 		return; /* already at end of list */
3800 	if(!xfr->task_probe->lookup_aaaa && env->cfg->do_ip6) {
3801 		/* move to lookup AAAA */
3802 		xfr->task_probe->lookup_aaaa = 1;
3803 		return;
3804 	}
3805 	xfr->task_probe->lookup_target = xfr->task_probe->lookup_target->next;
3806 	xfr->task_probe->lookup_aaaa = 0;
3807 	if(!env->cfg->do_ip4 && xfr->task_probe->lookup_target!=NULL)
3808 		xfr->task_probe->lookup_aaaa = 1;
3809 }
3810 
3811 /** start the iteration of the task_transfer list of masters */
3812 static void
3813 xfr_transfer_start_list(struct auth_xfer* xfr, struct auth_master* spec)
3814 {
3815 	if(spec) {
3816 		xfr->task_transfer->scan_specific = find_master_by_host(
3817 			xfr->task_transfer->masters, spec->host);
3818 		if(xfr->task_transfer->scan_specific) {
3819 			xfr->task_transfer->scan_target = NULL;
3820 			xfr->task_transfer->scan_addr = NULL;
3821 			if(xfr->task_transfer->scan_specific->list)
3822 				xfr->task_transfer->scan_addr =
3823 					xfr->task_transfer->scan_specific->list;
3824 			return;
3825 		}
3826 	}
3827 	/* no specific (notified) host to scan */
3828 	xfr->task_transfer->scan_specific = NULL;
3829 	xfr->task_transfer->scan_addr = NULL;
3830 	/* pick up first scan target */
3831 	xfr->task_transfer->scan_target = xfr->task_transfer->masters;
3832 	if(xfr->task_transfer->scan_target && xfr->task_transfer->
3833 		scan_target->list)
3834 		xfr->task_transfer->scan_addr =
3835 			xfr->task_transfer->scan_target->list;
3836 }
3837 
3838 /** start the iteration of the task_probe list of masters */
3839 static void
3840 xfr_probe_start_list(struct auth_xfer* xfr, struct auth_master* spec)
3841 {
3842 	if(spec) {
3843 		xfr->task_probe->scan_specific = find_master_by_host(
3844 			xfr->task_probe->masters, spec->host);
3845 		if(xfr->task_probe->scan_specific) {
3846 			xfr->task_probe->scan_target = NULL;
3847 			xfr->task_probe->scan_addr = NULL;
3848 			if(xfr->task_probe->scan_specific->list)
3849 				xfr->task_probe->scan_addr =
3850 					xfr->task_probe->scan_specific->list;
3851 			return;
3852 		}
3853 	}
3854 	/* no specific (notified) host to scan */
3855 	xfr->task_probe->scan_specific = NULL;
3856 	xfr->task_probe->scan_addr = NULL;
3857 	/* pick up first scan target */
3858 	xfr->task_probe->scan_target = xfr->task_probe->masters;
3859 	if(xfr->task_probe->scan_target && xfr->task_probe->scan_target->list)
3860 		xfr->task_probe->scan_addr =
3861 			xfr->task_probe->scan_target->list;
3862 }
3863 
3864 /** pick up the master that is being scanned right now, task_transfer */
3865 static struct auth_master*
3866 xfr_transfer_current_master(struct auth_xfer* xfr)
3867 {
3868 	if(xfr->task_transfer->scan_specific)
3869 		return xfr->task_transfer->scan_specific;
3870 	return xfr->task_transfer->scan_target;
3871 }
3872 
3873 /** pick up the master that is being scanned right now, task_probe */
3874 static struct auth_master*
3875 xfr_probe_current_master(struct auth_xfer* xfr)
3876 {
3877 	if(xfr->task_probe->scan_specific)
3878 		return xfr->task_probe->scan_specific;
3879 	return xfr->task_probe->scan_target;
3880 }
3881 
3882 /** true if at end of list, task_transfer */
3883 static int
3884 xfr_transfer_end_of_list(struct auth_xfer* xfr)
3885 {
3886 	return !xfr->task_transfer->scan_specific &&
3887 		!xfr->task_transfer->scan_target;
3888 }
3889 
3890 /** true if at end of list, task_probe */
3891 static int
3892 xfr_probe_end_of_list(struct auth_xfer* xfr)
3893 {
3894 	return !xfr->task_probe->scan_specific && !xfr->task_probe->scan_target;
3895 }
3896 
3897 /** move to next master in list, task_transfer */
3898 static void
3899 xfr_transfer_nextmaster(struct auth_xfer* xfr)
3900 {
3901 	if(!xfr->task_transfer->scan_specific &&
3902 		!xfr->task_transfer->scan_target)
3903 		return;
3904 	if(xfr->task_transfer->scan_addr) {
3905 		xfr->task_transfer->scan_addr =
3906 			xfr->task_transfer->scan_addr->next;
3907 		if(xfr->task_transfer->scan_addr)
3908 			return;
3909 	}
3910 	if(xfr->task_transfer->scan_specific) {
3911 		xfr->task_transfer->scan_specific = NULL;
3912 		xfr->task_transfer->scan_target = xfr->task_transfer->masters;
3913 		if(xfr->task_transfer->scan_target && xfr->task_transfer->
3914 			scan_target->list)
3915 			xfr->task_transfer->scan_addr =
3916 				xfr->task_transfer->scan_target->list;
3917 		return;
3918 	}
3919 	if(!xfr->task_transfer->scan_target)
3920 		return;
3921 	xfr->task_transfer->scan_target = xfr->task_transfer->scan_target->next;
3922 	if(xfr->task_transfer->scan_target && xfr->task_transfer->
3923 		scan_target->list)
3924 		xfr->task_transfer->scan_addr =
3925 			xfr->task_transfer->scan_target->list;
3926 	return;
3927 }
3928 
3929 /** move to next master in list, task_probe */
3930 static void
3931 xfr_probe_nextmaster(struct auth_xfer* xfr)
3932 {
3933 	if(!xfr->task_probe->scan_specific && !xfr->task_probe->scan_target)
3934 		return;
3935 	if(xfr->task_probe->scan_addr) {
3936 		xfr->task_probe->scan_addr = xfr->task_probe->scan_addr->next;
3937 		if(xfr->task_probe->scan_addr)
3938 			return;
3939 	}
3940 	if(xfr->task_probe->scan_specific) {
3941 		xfr->task_probe->scan_specific = NULL;
3942 		xfr->task_probe->scan_target = xfr->task_probe->masters;
3943 		if(xfr->task_probe->scan_target && xfr->task_probe->
3944 			scan_target->list)
3945 			xfr->task_probe->scan_addr =
3946 				xfr->task_probe->scan_target->list;
3947 		return;
3948 	}
3949 	if(!xfr->task_probe->scan_target)
3950 		return;
3951 	xfr->task_probe->scan_target = xfr->task_probe->scan_target->next;
3952 	if(xfr->task_probe->scan_target && xfr->task_probe->
3953 		scan_target->list)
3954 		xfr->task_probe->scan_addr =
3955 			xfr->task_probe->scan_target->list;
3956 	return;
3957 }
3958 
3959 /** create SOA probe packet for xfr */
3960 static void
3961 xfr_create_soa_probe_packet(struct auth_xfer* xfr, sldns_buffer* buf,
3962 	uint16_t id)
3963 {
3964 	struct query_info qinfo;
3965 
3966 	memset(&qinfo, 0, sizeof(qinfo));
3967 	qinfo.qname = xfr->name;
3968 	qinfo.qname_len = xfr->namelen;
3969 	qinfo.qtype = LDNS_RR_TYPE_SOA;
3970 	qinfo.qclass = xfr->dclass;
3971 	qinfo_query_encode(buf, &qinfo);
3972 	sldns_buffer_write_u16_at(buf, 0, id);
3973 }
3974 
3975 /** create IXFR/AXFR packet for xfr */
3976 static void
3977 xfr_create_ixfr_packet(struct auth_xfer* xfr, sldns_buffer* buf, uint16_t id,
3978 	struct auth_master* master)
3979 {
3980 	struct query_info qinfo;
3981 	uint32_t serial;
3982 	int have_zone;
3983 	have_zone = xfr->have_zone;
3984 	serial = xfr->serial;
3985 
3986 	memset(&qinfo, 0, sizeof(qinfo));
3987 	qinfo.qname = xfr->name;
3988 	qinfo.qname_len = xfr->namelen;
3989 	xfr->task_transfer->got_xfr_serial = 0;
3990 	xfr->task_transfer->rr_scan_num = 0;
3991 	xfr->task_transfer->incoming_xfr_serial = 0;
3992 	xfr->task_transfer->on_ixfr_is_axfr = 0;
3993 	xfr->task_transfer->on_ixfr = 1;
3994 	qinfo.qtype = LDNS_RR_TYPE_IXFR;
3995 	if(!have_zone || xfr->task_transfer->ixfr_fail || !master->ixfr) {
3996 		qinfo.qtype = LDNS_RR_TYPE_AXFR;
3997 		xfr->task_transfer->ixfr_fail = 0;
3998 		xfr->task_transfer->on_ixfr = 0;
3999 	}
4000 
4001 	qinfo.qclass = xfr->dclass;
4002 	qinfo_query_encode(buf, &qinfo);
4003 	sldns_buffer_write_u16_at(buf, 0, id);
4004 
4005 	/* append serial for IXFR */
4006 	if(qinfo.qtype == LDNS_RR_TYPE_IXFR) {
4007 		size_t end = sldns_buffer_limit(buf);
4008 		sldns_buffer_clear(buf);
4009 		sldns_buffer_set_position(buf, end);
4010 		/* auth section count 1 */
4011 		sldns_buffer_write_u16_at(buf, LDNS_NSCOUNT_OFF, 1);
4012 		/* write SOA */
4013 		sldns_buffer_write_u8(buf, 0xC0); /* compressed ptr to qname */
4014 		sldns_buffer_write_u8(buf, 0x0C);
4015 		sldns_buffer_write_u16(buf, LDNS_RR_TYPE_SOA);
4016 		sldns_buffer_write_u16(buf, qinfo.qclass);
4017 		sldns_buffer_write_u32(buf, 0); /* ttl */
4018 		sldns_buffer_write_u16(buf, 22); /* rdata length */
4019 		sldns_buffer_write_u8(buf, 0); /* . */
4020 		sldns_buffer_write_u8(buf, 0); /* . */
4021 		sldns_buffer_write_u32(buf, serial); /* serial */
4022 		sldns_buffer_write_u32(buf, 0); /* refresh */
4023 		sldns_buffer_write_u32(buf, 0); /* retry */
4024 		sldns_buffer_write_u32(buf, 0); /* expire */
4025 		sldns_buffer_write_u32(buf, 0); /* minimum */
4026 		sldns_buffer_flip(buf);
4027 	}
4028 }
4029 
4030 /** check if returned packet is OK */
4031 static int
4032 check_packet_ok(sldns_buffer* pkt, uint16_t qtype, struct auth_xfer* xfr,
4033 	uint32_t* serial)
4034 {
4035 	/* parse to see if packet worked, valid reply */
4036 
4037 	/* check serial number of SOA */
4038 	if(sldns_buffer_limit(pkt) < LDNS_HEADER_SIZE)
4039 		return 0;
4040 
4041 	/* check ID */
4042 	if(LDNS_ID_WIRE(sldns_buffer_begin(pkt)) != xfr->task_probe->id)
4043 		return 0;
4044 
4045 	/* check flag bits and rcode */
4046 	if(!LDNS_QR_WIRE(sldns_buffer_begin(pkt)))
4047 		return 0;
4048 	if(LDNS_OPCODE_WIRE(sldns_buffer_begin(pkt)) != LDNS_PACKET_QUERY)
4049 		return 0;
4050 	if(LDNS_RCODE_WIRE(sldns_buffer_begin(pkt)) != LDNS_RCODE_NOERROR)
4051 		return 0;
4052 
4053 	/* check qname */
4054 	if(LDNS_QDCOUNT(sldns_buffer_begin(pkt)) != 1)
4055 		return 0;
4056 	sldns_buffer_skip(pkt, LDNS_HEADER_SIZE);
4057 	if(sldns_buffer_remaining(pkt) < xfr->namelen)
4058 		return 0;
4059 	if(query_dname_compare(sldns_buffer_current(pkt), xfr->name) != 0)
4060 		return 0;
4061 	sldns_buffer_skip(pkt, (ssize_t)xfr->namelen);
4062 
4063 	/* check qtype, qclass */
4064 	if(sldns_buffer_remaining(pkt) < 4)
4065 		return 0;
4066 	if(sldns_buffer_read_u16(pkt) != qtype)
4067 		return 0;
4068 	if(sldns_buffer_read_u16(pkt) != xfr->dclass)
4069 		return 0;
4070 
4071 	if(serial) {
4072 		uint16_t rdlen;
4073 		/* read serial number, from answer section SOA */
4074 		if(LDNS_ANCOUNT(sldns_buffer_begin(pkt)) == 0)
4075 			return 0;
4076 		/* read from first record SOA record */
4077 		if(sldns_buffer_remaining(pkt) < 1)
4078 			return 0;
4079 		if(dname_pkt_compare(pkt, sldns_buffer_current(pkt),
4080 			xfr->name) != 0)
4081 			return 0;
4082 		if(!pkt_dname_len(pkt))
4083 			return 0;
4084 		/* type, class, ttl, rdatalen */
4085 		if(sldns_buffer_remaining(pkt) < 4+4+2)
4086 			return 0;
4087 		if(sldns_buffer_read_u16(pkt) != qtype)
4088 			return 0;
4089 		if(sldns_buffer_read_u16(pkt) != xfr->dclass)
4090 			return 0;
4091 		sldns_buffer_skip(pkt, 4); /* ttl */
4092 		rdlen = sldns_buffer_read_u16(pkt);
4093 		if(sldns_buffer_remaining(pkt) < rdlen)
4094 			return 0;
4095 		if(sldns_buffer_remaining(pkt) < 1)
4096 			return 0;
4097 		if(!pkt_dname_len(pkt)) /* soa name */
4098 			return 0;
4099 		if(sldns_buffer_remaining(pkt) < 1)
4100 			return 0;
4101 		if(!pkt_dname_len(pkt)) /* soa name */
4102 			return 0;
4103 		if(sldns_buffer_remaining(pkt) < 20)
4104 			return 0;
4105 		*serial = sldns_buffer_read_u32(pkt);
4106 	}
4107 	return 1;
4108 }
4109 
4110 /** read one line from chunks into buffer at current position */
4111 static int
4112 chunkline_get_line(struct auth_chunk** chunk, size_t* chunk_pos,
4113 	sldns_buffer* buf)
4114 {
4115 	int readsome = 0;
4116 	while(*chunk) {
4117 		/* more text in this chunk? */
4118 		if(*chunk_pos < (*chunk)->len) {
4119 			readsome = 1;
4120 			while(*chunk_pos < (*chunk)->len) {
4121 				char c = (char)((*chunk)->data[*chunk_pos]);
4122 				(*chunk_pos)++;
4123 				if(sldns_buffer_remaining(buf) < 2) {
4124 					/* buffer too short */
4125 					verbose(VERB_ALGO, "http chunkline, "
4126 						"line too long");
4127 					return 0;
4128 				}
4129 				sldns_buffer_write_u8(buf, (uint8_t)c);
4130 				if(c == '\n') {
4131 					/* we are done */
4132 					return 1;
4133 				}
4134 			}
4135 		}
4136 		/* move to next chunk */
4137 		*chunk = (*chunk)->next;
4138 		*chunk_pos = 0;
4139 	}
4140 	/* no more text */
4141 	if(readsome) return 1;
4142 	return 0;
4143 }
4144 
4145 /** count number of open and closed parenthesis in a chunkline */
4146 static int
4147 chunkline_count_parens(sldns_buffer* buf, size_t start)
4148 {
4149 	size_t end = sldns_buffer_position(buf);
4150 	size_t i;
4151 	int count = 0;
4152 	int squote = 0, dquote = 0;
4153 	for(i=start; i<end; i++) {
4154 		char c = (char)sldns_buffer_read_u8_at(buf, i);
4155 		if(squote && c != '\'') continue;
4156 		if(dquote && c != '"') continue;
4157 		if(c == '"')
4158 			dquote = !dquote; /* skip quoted part */
4159 		else if(c == '\'')
4160 			squote = !squote; /* skip quoted part */
4161 		else if(c == '(')
4162 			count ++;
4163 		else if(c == ')')
4164 			count --;
4165 		else if(c == ';') {
4166 			/* rest is a comment */
4167 			return count;
4168 		}
4169 	}
4170 	return count;
4171 }
4172 
4173 /** remove trailing ;... comment from a line in the chunkline buffer */
4174 static void
4175 chunkline_remove_trailcomment(sldns_buffer* buf, size_t start)
4176 {
4177 	size_t end = sldns_buffer_position(buf);
4178 	size_t i;
4179 	int squote = 0, dquote = 0;
4180 	for(i=start; i<end; i++) {
4181 		char c = (char)sldns_buffer_read_u8_at(buf, i);
4182 		if(squote && c != '\'') continue;
4183 		if(dquote && c != '"') continue;
4184 		if(c == '"')
4185 			dquote = !dquote; /* skip quoted part */
4186 		else if(c == '\'')
4187 			squote = !squote; /* skip quoted part */
4188 		else if(c == ';') {
4189 			/* rest is a comment */
4190 			sldns_buffer_set_position(buf, i);
4191 			return;
4192 		}
4193 	}
4194 	/* nothing to remove */
4195 }
4196 
4197 /** see if a chunkline is a comment line (or empty line) */
4198 static int
4199 chunkline_is_comment_line_or_empty(sldns_buffer* buf)
4200 {
4201 	size_t i, end = sldns_buffer_limit(buf);
4202 	for(i=0; i<end; i++) {
4203 		char c = (char)sldns_buffer_read_u8_at(buf, i);
4204 		if(c == ';')
4205 			return 1; /* comment */
4206 		else if(c != ' ' && c != '\t' && c != '\r' && c != '\n')
4207 			return 0; /* not a comment */
4208 	}
4209 	return 1; /* empty */
4210 }
4211 
4212 /** find a line with ( ) collated */
4213 static int
4214 chunkline_get_line_collated(struct auth_chunk** chunk, size_t* chunk_pos,
4215 	sldns_buffer* buf)
4216 {
4217 	size_t pos;
4218 	int parens = 0;
4219 	sldns_buffer_clear(buf);
4220 	pos = sldns_buffer_position(buf);
4221 	if(!chunkline_get_line(chunk, chunk_pos, buf)) {
4222 		if(sldns_buffer_position(buf) < sldns_buffer_limit(buf))
4223 			sldns_buffer_write_u8_at(buf, sldns_buffer_position(buf), 0);
4224 		else sldns_buffer_write_u8_at(buf, sldns_buffer_position(buf)-1, 0);
4225 		sldns_buffer_flip(buf);
4226 		return 0;
4227 	}
4228 	parens += chunkline_count_parens(buf, pos);
4229 	while(parens > 0) {
4230 		chunkline_remove_trailcomment(buf, pos);
4231 		pos = sldns_buffer_position(buf);
4232 		if(!chunkline_get_line(chunk, chunk_pos, buf)) {
4233 			if(sldns_buffer_position(buf) < sldns_buffer_limit(buf))
4234 				sldns_buffer_write_u8_at(buf, sldns_buffer_position(buf), 0);
4235 			else sldns_buffer_write_u8_at(buf, sldns_buffer_position(buf)-1, 0);
4236 			sldns_buffer_flip(buf);
4237 			return 0;
4238 		}
4239 		parens += chunkline_count_parens(buf, pos);
4240 	}
4241 
4242 	if(sldns_buffer_remaining(buf) < 1) {
4243 		verbose(VERB_ALGO, "http chunkline: "
4244 			"line too long");
4245 		return 0;
4246 	}
4247 	sldns_buffer_write_u8_at(buf, sldns_buffer_position(buf), 0);
4248 	sldns_buffer_flip(buf);
4249 	return 1;
4250 }
4251 
4252 /** process $ORIGIN for http */
4253 static int
4254 http_parse_origin(sldns_buffer* buf, struct sldns_file_parse_state* pstate)
4255 {
4256 	char* line = (char*)sldns_buffer_begin(buf);
4257 	if(strncmp(line, "$ORIGIN", 7) == 0 &&
4258 		isspace((unsigned char)line[7])) {
4259 		int s;
4260 		pstate->origin_len = sizeof(pstate->origin);
4261 		s = sldns_str2wire_dname_buf(sldns_strip_ws(line+8),
4262 			pstate->origin, &pstate->origin_len);
4263 		if(s) pstate->origin_len = 0;
4264 		return 1;
4265 	}
4266 	return 0;
4267 }
4268 
4269 /** process $TTL for http */
4270 static int
4271 http_parse_ttl(sldns_buffer* buf, struct sldns_file_parse_state* pstate)
4272 {
4273 	char* line = (char*)sldns_buffer_begin(buf);
4274 	if(strncmp(line, "$TTL", 4) == 0 &&
4275 		isspace((unsigned char)line[4])) {
4276 		const char* end = NULL;
4277 		pstate->default_ttl = sldns_str2period(
4278 			sldns_strip_ws(line+5), &end);
4279 		return 1;
4280 	}
4281 	return 0;
4282 }
4283 
4284 /** find noncomment RR line in chunks, collates lines if ( ) format */
4285 static int
4286 chunkline_non_comment_RR(struct auth_chunk** chunk, size_t* chunk_pos,
4287 	sldns_buffer* buf, struct sldns_file_parse_state* pstate)
4288 {
4289 	while(chunkline_get_line_collated(chunk, chunk_pos, buf)) {
4290 		if(chunkline_is_comment_line_or_empty(buf)) {
4291 			/* a comment, go to next line */
4292 			continue;
4293 		}
4294 		if(http_parse_origin(buf, pstate)) {
4295 			continue; /* $ORIGIN has been handled */
4296 		}
4297 		if(http_parse_ttl(buf, pstate)) {
4298 			continue; /* $TTL has been handled */
4299 		}
4300 		return 1;
4301 	}
4302 	/* no noncomments, fail */
4303 	return 0;
4304 }
4305 
4306 /** check syntax of chunklist zonefile, parse first RR, return false on
4307  * failure and return a string in the scratch buffer (first RR string)
4308  * on failure. */
4309 static int
4310 http_zonefile_syntax_check(struct auth_xfer* xfr, sldns_buffer* buf)
4311 {
4312 	uint8_t rr[LDNS_RR_BUF_SIZE];
4313 	size_t rr_len, dname_len = 0;
4314 	struct sldns_file_parse_state pstate;
4315 	struct auth_chunk* chunk;
4316 	size_t chunk_pos;
4317 	int e;
4318 	memset(&pstate, 0, sizeof(pstate));
4319 	pstate.default_ttl = 3600;
4320 	if(xfr->namelen < sizeof(pstate.origin)) {
4321 		pstate.origin_len = xfr->namelen;
4322 		memmove(pstate.origin, xfr->name, xfr->namelen);
4323 	}
4324 	chunk = xfr->task_transfer->chunks_first;
4325 	chunk_pos = 0;
4326 	if(!chunkline_non_comment_RR(&chunk, &chunk_pos, buf, &pstate)) {
4327 		return 0;
4328 	}
4329 	rr_len = sizeof(rr);
4330 	e=sldns_str2wire_rr_buf((char*)sldns_buffer_begin(buf), rr, &rr_len,
4331 		&dname_len, pstate.default_ttl,
4332 		pstate.origin_len?pstate.origin:NULL, pstate.origin_len,
4333 		pstate.prev_rr_len?pstate.prev_rr:NULL, pstate.prev_rr_len);
4334 	if(e != 0) {
4335 		log_err("parse failure on first RR[%d]: %s",
4336 			LDNS_WIREPARSE_OFFSET(e),
4337 			sldns_get_errorstr_parse(LDNS_WIREPARSE_ERROR(e)));
4338 		return 0;
4339 	}
4340 	/* check that class is correct */
4341 	if(sldns_wirerr_get_class(rr, rr_len, dname_len) != xfr->dclass) {
4342 		log_err("parse failure: first record in downloaded zonefile "
4343 			"from wrong RR class");
4344 		return 0;
4345 	}
4346 	return 1;
4347 }
4348 
4349 /** sum sizes of chunklist */
4350 static size_t
4351 chunklist_sum(struct auth_chunk* list)
4352 {
4353 	struct auth_chunk* p;
4354 	size_t s = 0;
4355 	for(p=list; p; p=p->next) {
4356 		s += p->len;
4357 	}
4358 	return s;
4359 }
4360 
4361 /** remove newlines from collated line */
4362 static void
4363 chunkline_newline_removal(sldns_buffer* buf)
4364 {
4365 	size_t i, end=sldns_buffer_limit(buf);
4366 	for(i=0; i<end; i++) {
4367 		char c = (char)sldns_buffer_read_u8_at(buf, i);
4368 		if(c == '\n' && i==end-1) {
4369 			sldns_buffer_write_u8_at(buf, i, 0);
4370 			sldns_buffer_set_limit(buf, end-1);
4371 			return;
4372 		}
4373 		if(c == '\n')
4374 			sldns_buffer_write_u8_at(buf, i, (uint8_t)' ');
4375 	}
4376 }
4377 
4378 /** for http download, parse and add RR to zone */
4379 static int
4380 http_parse_add_rr(struct auth_xfer* xfr, struct auth_zone* z,
4381 	sldns_buffer* buf, struct sldns_file_parse_state* pstate)
4382 {
4383 	uint8_t rr[LDNS_RR_BUF_SIZE];
4384 	size_t rr_len, dname_len = 0;
4385 	int e;
4386 	char* line = (char*)sldns_buffer_begin(buf);
4387 	rr_len = sizeof(rr);
4388 	e = sldns_str2wire_rr_buf(line, rr, &rr_len, &dname_len,
4389 		pstate->default_ttl,
4390 		pstate->origin_len?pstate->origin:NULL, pstate->origin_len,
4391 		pstate->prev_rr_len?pstate->prev_rr:NULL, pstate->prev_rr_len);
4392 	if(e != 0) {
4393 		log_err("%s/%s parse failure RR[%d]: %s in '%s'",
4394 			xfr->task_transfer->master->host,
4395 			xfr->task_transfer->master->file,
4396 			LDNS_WIREPARSE_OFFSET(e),
4397 			sldns_get_errorstr_parse(LDNS_WIREPARSE_ERROR(e)),
4398 			line);
4399 		return 0;
4400 	}
4401 	if(rr_len == 0)
4402 		return 1; /* empty line or so */
4403 
4404 	/* set prev */
4405 	if(dname_len < sizeof(pstate->prev_rr)) {
4406 		memmove(pstate->prev_rr, rr, dname_len);
4407 		pstate->prev_rr_len = dname_len;
4408 	}
4409 
4410 	return az_insert_rr(z, rr, rr_len, dname_len, NULL);
4411 }
4412 
4413 /** RR list iterator, returns RRs from answer section one by one from the
4414  * dns packets in the chunklist */
4415 static void
4416 chunk_rrlist_start(struct auth_xfer* xfr, struct auth_chunk** rr_chunk,
4417 	int* rr_num, size_t* rr_pos)
4418 {
4419 	*rr_chunk = xfr->task_transfer->chunks_first;
4420 	*rr_num = 0;
4421 	*rr_pos = 0;
4422 }
4423 
4424 /** RR list iterator, see if we are at the end of the list */
4425 static int
4426 chunk_rrlist_end(struct auth_chunk* rr_chunk, int rr_num)
4427 {
4428 	while(rr_chunk) {
4429 		if(rr_chunk->len < LDNS_HEADER_SIZE)
4430 			return 1;
4431 		if(rr_num < (int)LDNS_ANCOUNT(rr_chunk->data))
4432 			return 0;
4433 		/* no more RRs in this chunk */
4434 		/* continue with next chunk, see if it has RRs */
4435 		rr_chunk = rr_chunk->next;
4436 		rr_num = 0;
4437 	}
4438 	return 1;
4439 }
4440 
4441 /** RR list iterator, move to next RR */
4442 static void
4443 chunk_rrlist_gonext(struct auth_chunk** rr_chunk, int* rr_num,
4444 	size_t* rr_pos, size_t rr_nextpos)
4445 {
4446 	/* already at end of chunks? */
4447 	if(!*rr_chunk)
4448 		return;
4449 	/* move within this chunk */
4450 	if((*rr_chunk)->len >= LDNS_HEADER_SIZE &&
4451 		(*rr_num)+1 < (int)LDNS_ANCOUNT((*rr_chunk)->data)) {
4452 		(*rr_num) += 1;
4453 		*rr_pos = rr_nextpos;
4454 		return;
4455 	}
4456 	/* no more RRs in this chunk */
4457 	/* continue with next chunk, see if it has RRs */
4458 	if(*rr_chunk)
4459 		*rr_chunk = (*rr_chunk)->next;
4460 	while(*rr_chunk) {
4461 		*rr_num = 0;
4462 		*rr_pos = 0;
4463 		if((*rr_chunk)->len >= LDNS_HEADER_SIZE &&
4464 			LDNS_ANCOUNT((*rr_chunk)->data) > 0) {
4465 			return;
4466 		}
4467 		*rr_chunk = (*rr_chunk)->next;
4468 	}
4469 }
4470 
4471 /** RR iterator, get current RR information, false on parse error */
4472 static int
4473 chunk_rrlist_get_current(struct auth_chunk* rr_chunk, int rr_num,
4474 	size_t rr_pos, uint8_t** rr_dname, uint16_t* rr_type,
4475 	uint16_t* rr_class, uint32_t* rr_ttl, uint16_t* rr_rdlen,
4476 	uint8_t** rr_rdata, size_t* rr_nextpos)
4477 {
4478 	sldns_buffer pkt;
4479 	/* integrity checks on position */
4480 	if(!rr_chunk) return 0;
4481 	if(rr_chunk->len < LDNS_HEADER_SIZE) return 0;
4482 	if(rr_num >= (int)LDNS_ANCOUNT(rr_chunk->data)) return 0;
4483 	if(rr_pos >= rr_chunk->len) return 0;
4484 
4485 	/* fetch rr information */
4486 	sldns_buffer_init_frm_data(&pkt, rr_chunk->data, rr_chunk->len);
4487 	if(rr_pos == 0) {
4488 		size_t i;
4489 		/* skip question section */
4490 		sldns_buffer_set_position(&pkt, LDNS_HEADER_SIZE);
4491 		for(i=0; i<LDNS_QDCOUNT(rr_chunk->data); i++) {
4492 			if(pkt_dname_len(&pkt) == 0) return 0;
4493 			if(sldns_buffer_remaining(&pkt) < 4) return 0;
4494 			sldns_buffer_skip(&pkt, 4); /* type and class */
4495 		}
4496 	} else	{
4497 		sldns_buffer_set_position(&pkt, rr_pos);
4498 	}
4499 	*rr_dname = sldns_buffer_current(&pkt);
4500 	if(pkt_dname_len(&pkt) == 0) return 0;
4501 	if(sldns_buffer_remaining(&pkt) < 10) return 0;
4502 	*rr_type = sldns_buffer_read_u16(&pkt);
4503 	*rr_class = sldns_buffer_read_u16(&pkt);
4504 	*rr_ttl = sldns_buffer_read_u32(&pkt);
4505 	*rr_rdlen = sldns_buffer_read_u16(&pkt);
4506 	if(sldns_buffer_remaining(&pkt) < (*rr_rdlen)) return 0;
4507 	*rr_rdata = sldns_buffer_current(&pkt);
4508 	sldns_buffer_skip(&pkt, (ssize_t)(*rr_rdlen));
4509 	*rr_nextpos = sldns_buffer_position(&pkt);
4510 	return 1;
4511 }
4512 
4513 /** print log message where we are in parsing the zone transfer */
4514 static void
4515 log_rrlist_position(const char* label, struct auth_chunk* rr_chunk,
4516 	uint8_t* rr_dname, uint16_t rr_type, size_t rr_counter)
4517 {
4518 	sldns_buffer pkt;
4519 	size_t dlen;
4520 	uint8_t buf[256];
4521 	char str[256];
4522 	char typestr[32];
4523 	sldns_buffer_init_frm_data(&pkt, rr_chunk->data, rr_chunk->len);
4524 	sldns_buffer_set_position(&pkt, (size_t)(rr_dname -
4525 		sldns_buffer_begin(&pkt)));
4526 	if((dlen=pkt_dname_len(&pkt)) == 0) return;
4527 	if(dlen >= sizeof(buf)) return;
4528 	dname_pkt_copy(&pkt, buf, rr_dname);
4529 	dname_str(buf, str);
4530 	(void)sldns_wire2str_type_buf(rr_type, typestr, sizeof(typestr));
4531 	verbose(VERB_ALGO, "%s at[%d] %s %s", label, (int)rr_counter,
4532 		str, typestr);
4533 }
4534 
4535 /** check that start serial is OK for ixfr. we are at rr_counter == 0,
4536  * and we are going to check rr_counter == 1 (has to be type SOA) serial */
4537 static int
4538 ixfr_start_serial(struct auth_chunk* rr_chunk, int rr_num, size_t rr_pos,
4539 	uint8_t* rr_dname, uint16_t rr_type, uint16_t rr_class,
4540 	uint32_t rr_ttl, uint16_t rr_rdlen, uint8_t* rr_rdata,
4541 	size_t rr_nextpos, uint32_t transfer_serial, uint32_t xfr_serial)
4542 {
4543 	uint32_t startserial;
4544 	/* move forward on RR */
4545 	chunk_rrlist_gonext(&rr_chunk, &rr_num, &rr_pos, rr_nextpos);
4546 	if(chunk_rrlist_end(rr_chunk, rr_num)) {
4547 		/* no second SOA */
4548 		verbose(VERB_OPS, "IXFR has no second SOA record");
4549 		return 0;
4550 	}
4551 	if(!chunk_rrlist_get_current(rr_chunk, rr_num, rr_pos,
4552 		&rr_dname, &rr_type, &rr_class, &rr_ttl, &rr_rdlen,
4553 		&rr_rdata, &rr_nextpos)) {
4554 		verbose(VERB_OPS, "IXFR cannot parse second SOA record");
4555 		/* failed to parse RR */
4556 		return 0;
4557 	}
4558 	if(rr_type != LDNS_RR_TYPE_SOA) {
4559 		verbose(VERB_OPS, "IXFR second record is not type SOA");
4560 		return 0;
4561 	}
4562 	if(rr_rdlen < 22) {
4563 		verbose(VERB_OPS, "IXFR, second SOA has short rdlength");
4564 		return 0; /* bad SOA rdlen */
4565 	}
4566 	startserial = sldns_read_uint32(rr_rdata+rr_rdlen-20);
4567 	if(startserial == transfer_serial) {
4568 		/* empty AXFR, not an IXFR */
4569 		verbose(VERB_OPS, "IXFR second serial same as first");
4570 		return 0;
4571 	}
4572 	if(startserial != xfr_serial) {
4573 		/* wrong start serial, it does not match the serial in
4574 		 * memory */
4575 		verbose(VERB_OPS, "IXFR is from serial %u to %u but %u "
4576 			"in memory, rejecting the zone transfer",
4577 			(unsigned)startserial, (unsigned)transfer_serial,
4578 			(unsigned)xfr_serial);
4579 		return 0;
4580 	}
4581 	/* everything OK in second SOA serial */
4582 	return 1;
4583 }
4584 
4585 /** apply IXFR to zone in memory. z is locked. false on failure(mallocfail) */
4586 static int
4587 apply_ixfr(struct auth_xfer* xfr, struct auth_zone* z,
4588 	struct sldns_buffer* scratch_buffer)
4589 {
4590 	struct auth_chunk* rr_chunk;
4591 	int rr_num;
4592 	size_t rr_pos;
4593 	uint8_t* rr_dname, *rr_rdata;
4594 	uint16_t rr_type, rr_class, rr_rdlen;
4595 	uint32_t rr_ttl;
4596 	size_t rr_nextpos;
4597 	int have_transfer_serial = 0;
4598 	uint32_t transfer_serial = 0;
4599 	size_t rr_counter = 0;
4600 	int delmode = 0;
4601 	int softfail = 0;
4602 
4603 	/* start RR iterator over chunklist of packets */
4604 	chunk_rrlist_start(xfr, &rr_chunk, &rr_num, &rr_pos);
4605 	while(!chunk_rrlist_end(rr_chunk, rr_num)) {
4606 		if(!chunk_rrlist_get_current(rr_chunk, rr_num, rr_pos,
4607 			&rr_dname, &rr_type, &rr_class, &rr_ttl, &rr_rdlen,
4608 			&rr_rdata, &rr_nextpos)) {
4609 			/* failed to parse RR */
4610 			return 0;
4611 		}
4612 		if(verbosity>=7) log_rrlist_position("apply ixfr",
4613 			rr_chunk, rr_dname, rr_type, rr_counter);
4614 		/* twiddle add/del mode and check for start and end */
4615 		if(rr_counter == 0 && rr_type != LDNS_RR_TYPE_SOA)
4616 			return 0;
4617 		if(rr_counter == 1 && rr_type != LDNS_RR_TYPE_SOA) {
4618 			/* this is an AXFR returned from the IXFR master */
4619 			/* but that should already have been detected, by
4620 			 * on_ixfr_is_axfr */
4621 			return 0;
4622 		}
4623 		if(rr_type == LDNS_RR_TYPE_SOA) {
4624 			uint32_t serial;
4625 			if(rr_rdlen < 22) return 0; /* bad SOA rdlen */
4626 			serial = sldns_read_uint32(rr_rdata+rr_rdlen-20);
4627 			if(have_transfer_serial == 0) {
4628 				have_transfer_serial = 1;
4629 				transfer_serial = serial;
4630 				delmode = 1; /* gets negated below */
4631 				/* check second RR before going any further */
4632 				if(!ixfr_start_serial(rr_chunk, rr_num, rr_pos,
4633 					rr_dname, rr_type, rr_class, rr_ttl,
4634 					rr_rdlen, rr_rdata, rr_nextpos,
4635 					transfer_serial, xfr->serial)) {
4636 					return 0;
4637 				}
4638 			} else if(transfer_serial == serial) {
4639 				have_transfer_serial++;
4640 				if(rr_counter == 1) {
4641 					/* empty AXFR, with SOA; SOA; */
4642 					/* should have been detected by
4643 					 * on_ixfr_is_axfr */
4644 					return 0;
4645 				}
4646 				if(have_transfer_serial == 3) {
4647 					/* see serial three times for end */
4648 					/* eg. IXFR:
4649 					 *  SOA 3 start
4650 					 *  SOA 1 second RR, followed by del
4651 					 *  SOA 2 followed by add
4652 					 *  SOA 2 followed by del
4653 					 *  SOA 3 followed by add
4654 					 *  SOA 3 end */
4655 					/* ended by SOA record */
4656 					xfr->serial = transfer_serial;
4657 					break;
4658 				}
4659 			}
4660 			/* twiddle add/del mode */
4661 			/* switch from delete part to add part and back again
4662 			 * just before the soa, it gets deleted and added too
4663 			 * this means we switch to delete mode for the final
4664 			 * SOA(so skip that one) */
4665 			delmode = !delmode;
4666 		}
4667 		/* process this RR */
4668 		/* if the RR is deleted twice or added twice, then we
4669 		 * softfail, and continue with the rest of the IXFR, so
4670 		 * that we serve something fairly nice during the refetch */
4671 		if(verbosity>=7) log_rrlist_position((delmode?"del":"add"),
4672 			rr_chunk, rr_dname, rr_type, rr_counter);
4673 		if(delmode) {
4674 			/* delete this RR */
4675 			int nonexist = 0;
4676 			if(!az_remove_rr_decompress(z, rr_chunk->data,
4677 				rr_chunk->len, scratch_buffer, rr_dname,
4678 				rr_type, rr_class, rr_ttl, rr_rdata, rr_rdlen,
4679 				&nonexist)) {
4680 				/* failed, malloc error or so */
4681 				return 0;
4682 			}
4683 			if(nonexist) {
4684 				/* it was removal of a nonexisting RR */
4685 				if(verbosity>=4) log_rrlist_position(
4686 					"IXFR error nonexistent RR",
4687 					rr_chunk, rr_dname, rr_type, rr_counter);
4688 				softfail = 1;
4689 			}
4690 		} else if(rr_counter != 0) {
4691 			/* skip first SOA RR for addition, it is added in
4692 			 * the addition part near the end of the ixfr, when
4693 			 * that serial is seen the second time. */
4694 			int duplicate = 0;
4695 			/* add this RR */
4696 			if(!az_insert_rr_decompress(z, rr_chunk->data,
4697 				rr_chunk->len, scratch_buffer, rr_dname,
4698 				rr_type, rr_class, rr_ttl, rr_rdata, rr_rdlen,
4699 				&duplicate)) {
4700 				/* failed, malloc error or so */
4701 				return 0;
4702 			}
4703 			if(duplicate) {
4704 				/* it was a duplicate */
4705 				if(verbosity>=4) log_rrlist_position(
4706 					"IXFR error duplicate RR",
4707 					rr_chunk, rr_dname, rr_type, rr_counter);
4708 				softfail = 1;
4709 			}
4710 		}
4711 
4712 		rr_counter++;
4713 		chunk_rrlist_gonext(&rr_chunk, &rr_num, &rr_pos, rr_nextpos);
4714 	}
4715 	if(softfail) {
4716 		verbose(VERB_ALGO, "IXFR did not apply cleanly, fetching full zone");
4717 		return 0;
4718 	}
4719 	return 1;
4720 }
4721 
4722 /** apply AXFR to zone in memory. z is locked. false on failure(mallocfail) */
4723 static int
4724 apply_axfr(struct auth_xfer* xfr, struct auth_zone* z,
4725 	struct sldns_buffer* scratch_buffer)
4726 {
4727 	struct auth_chunk* rr_chunk;
4728 	int rr_num;
4729 	size_t rr_pos;
4730 	uint8_t* rr_dname, *rr_rdata;
4731 	uint16_t rr_type, rr_class, rr_rdlen;
4732 	uint32_t rr_ttl;
4733 	uint32_t serial = 0;
4734 	size_t rr_nextpos;
4735 	size_t rr_counter = 0;
4736 	int have_end_soa = 0;
4737 
4738 	/* clear the data tree */
4739 	traverse_postorder(&z->data, auth_data_del, NULL);
4740 	rbtree_init(&z->data, &auth_data_cmp);
4741 	/* clear the RPZ policies */
4742 	if(z->rpz)
4743 		rpz_clear(z->rpz);
4744 
4745 	xfr->have_zone = 0;
4746 	xfr->serial = 0;
4747 
4748 	/* insert all RRs in to the zone */
4749 	/* insert the SOA only once, skip the last one */
4750 	/* start RR iterator over chunklist of packets */
4751 	chunk_rrlist_start(xfr, &rr_chunk, &rr_num, &rr_pos);
4752 	while(!chunk_rrlist_end(rr_chunk, rr_num)) {
4753 		if(!chunk_rrlist_get_current(rr_chunk, rr_num, rr_pos,
4754 			&rr_dname, &rr_type, &rr_class, &rr_ttl, &rr_rdlen,
4755 			&rr_rdata, &rr_nextpos)) {
4756 			/* failed to parse RR */
4757 			return 0;
4758 		}
4759 		if(verbosity>=7) log_rrlist_position("apply_axfr",
4760 			rr_chunk, rr_dname, rr_type, rr_counter);
4761 		if(rr_type == LDNS_RR_TYPE_SOA) {
4762 			if(rr_counter != 0) {
4763 				/* end of the axfr */
4764 				have_end_soa = 1;
4765 				break;
4766 			}
4767 			if(rr_rdlen < 22) return 0; /* bad SOA rdlen */
4768 			serial = sldns_read_uint32(rr_rdata+rr_rdlen-20);
4769 		}
4770 
4771 		/* add this RR */
4772 		if(!az_insert_rr_decompress(z, rr_chunk->data, rr_chunk->len,
4773 			scratch_buffer, rr_dname, rr_type, rr_class, rr_ttl,
4774 			rr_rdata, rr_rdlen, NULL)) {
4775 			/* failed, malloc error or so */
4776 			return 0;
4777 		}
4778 
4779 		rr_counter++;
4780 		chunk_rrlist_gonext(&rr_chunk, &rr_num, &rr_pos, rr_nextpos);
4781 	}
4782 	if(!have_end_soa) {
4783 		log_err("no end SOA record for AXFR");
4784 		return 0;
4785 	}
4786 
4787 	xfr->serial = serial;
4788 	xfr->have_zone = 1;
4789 	return 1;
4790 }
4791 
4792 /** apply HTTP to zone in memory. z is locked. false on failure(mallocfail) */
4793 static int
4794 apply_http(struct auth_xfer* xfr, struct auth_zone* z,
4795 	struct sldns_buffer* scratch_buffer)
4796 {
4797 	/* parse data in chunks */
4798 	/* parse RR's and read into memory. ignore $INCLUDE from the
4799 	 * downloaded file*/
4800 	struct sldns_file_parse_state pstate;
4801 	struct auth_chunk* chunk;
4802 	size_t chunk_pos;
4803 	memset(&pstate, 0, sizeof(pstate));
4804 	pstate.default_ttl = 3600;
4805 	if(xfr->namelen < sizeof(pstate.origin)) {
4806 		pstate.origin_len = xfr->namelen;
4807 		memmove(pstate.origin, xfr->name, xfr->namelen);
4808 	}
4809 
4810 	if(verbosity >= VERB_ALGO)
4811 		verbose(VERB_ALGO, "http download %s of size %d",
4812 		xfr->task_transfer->master->file,
4813 		(int)chunklist_sum(xfr->task_transfer->chunks_first));
4814 	if(xfr->task_transfer->chunks_first && verbosity >= VERB_ALGO) {
4815 		char preview[1024];
4816 		if(xfr->task_transfer->chunks_first->len+1 > sizeof(preview)) {
4817 			memmove(preview, xfr->task_transfer->chunks_first->data,
4818 				sizeof(preview)-1);
4819 			preview[sizeof(preview)-1]=0;
4820 		} else {
4821 			memmove(preview, xfr->task_transfer->chunks_first->data,
4822 				xfr->task_transfer->chunks_first->len);
4823 			preview[xfr->task_transfer->chunks_first->len]=0;
4824 		}
4825 		log_info("auth zone http downloaded content preview: %s",
4826 			preview);
4827 	}
4828 
4829 	/* perhaps a little syntax check before we try to apply the data? */
4830 	if(!http_zonefile_syntax_check(xfr, scratch_buffer)) {
4831 		log_err("http download %s/%s does not contain a zonefile, "
4832 			"but got '%s'", xfr->task_transfer->master->host,
4833 			xfr->task_transfer->master->file,
4834 			sldns_buffer_begin(scratch_buffer));
4835 		return 0;
4836 	}
4837 
4838 	/* clear the data tree */
4839 	traverse_postorder(&z->data, auth_data_del, NULL);
4840 	rbtree_init(&z->data, &auth_data_cmp);
4841 	/* clear the RPZ policies */
4842 	if(z->rpz)
4843 		rpz_clear(z->rpz);
4844 
4845 	xfr->have_zone = 0;
4846 	xfr->serial = 0;
4847 
4848 	chunk = xfr->task_transfer->chunks_first;
4849 	chunk_pos = 0;
4850 	pstate.lineno = 0;
4851 	while(chunkline_get_line_collated(&chunk, &chunk_pos, scratch_buffer)) {
4852 		/* process this line */
4853 		pstate.lineno++;
4854 		chunkline_newline_removal(scratch_buffer);
4855 		if(chunkline_is_comment_line_or_empty(scratch_buffer)) {
4856 			continue;
4857 		}
4858 		/* parse line and add RR */
4859 		if(http_parse_origin(scratch_buffer, &pstate)) {
4860 			continue; /* $ORIGIN has been handled */
4861 		}
4862 		if(http_parse_ttl(scratch_buffer, &pstate)) {
4863 			continue; /* $TTL has been handled */
4864 		}
4865 		if(!http_parse_add_rr(xfr, z, scratch_buffer, &pstate)) {
4866 			verbose(VERB_ALGO, "error parsing line [%s:%d] %s",
4867 				xfr->task_transfer->master->file,
4868 				pstate.lineno,
4869 				sldns_buffer_begin(scratch_buffer));
4870 			return 0;
4871 		}
4872 	}
4873 	return 1;
4874 }
4875 
4876 /** write http chunks to zonefile to create downloaded file */
4877 static int
4878 auth_zone_write_chunks(struct auth_xfer* xfr, const char* fname)
4879 {
4880 	FILE* out;
4881 	struct auth_chunk* p;
4882 	out = fopen(fname, "w");
4883 	if(!out) {
4884 		log_err("could not open %s: %s", fname, strerror(errno));
4885 		return 0;
4886 	}
4887 	for(p = xfr->task_transfer->chunks_first; p ; p = p->next) {
4888 		if(!write_out(out, (char*)p->data, p->len)) {
4889 			log_err("could not write http download to %s", fname);
4890 			fclose(out);
4891 			return 0;
4892 		}
4893 	}
4894 	fclose(out);
4895 	return 1;
4896 }
4897 
4898 /** write to zonefile after zone has been updated */
4899 static void
4900 xfr_write_after_update(struct auth_xfer* xfr, struct module_env* env)
4901 {
4902 	struct config_file* cfg = env->cfg;
4903 	struct auth_zone* z;
4904 	char tmpfile[1024];
4905 	char* zfilename;
4906 	lock_basic_unlock(&xfr->lock);
4907 
4908 	/* get lock again, so it is a readlock and concurrently queries
4909 	 * can be answered */
4910 	lock_rw_rdlock(&env->auth_zones->lock);
4911 	z = auth_zone_find(env->auth_zones, xfr->name, xfr->namelen,
4912 		xfr->dclass);
4913 	if(!z) {
4914 		lock_rw_unlock(&env->auth_zones->lock);
4915 		/* the zone is gone, ignore xfr results */
4916 		lock_basic_lock(&xfr->lock);
4917 		return;
4918 	}
4919 	lock_rw_rdlock(&z->lock);
4920 	lock_basic_lock(&xfr->lock);
4921 	lock_rw_unlock(&env->auth_zones->lock);
4922 
4923 	if(z->zonefile == NULL || z->zonefile[0] == 0) {
4924 		lock_rw_unlock(&z->lock);
4925 		/* no write needed, no zonefile set */
4926 		return;
4927 	}
4928 	zfilename = z->zonefile;
4929 	if(cfg->chrootdir && cfg->chrootdir[0] && strncmp(zfilename,
4930 		cfg->chrootdir, strlen(cfg->chrootdir)) == 0)
4931 		zfilename += strlen(cfg->chrootdir);
4932 	if(verbosity >= VERB_ALGO) {
4933 		char nm[255+1];
4934 		dname_str(z->name, nm);
4935 		verbose(VERB_ALGO, "write zonefile %s for %s", zfilename, nm);
4936 	}
4937 
4938 	/* write to tempfile first */
4939 	if((size_t)strlen(zfilename) + 16 > sizeof(tmpfile)) {
4940 		verbose(VERB_ALGO, "tmpfilename too long, cannot update "
4941 			" zonefile %s", zfilename);
4942 		lock_rw_unlock(&z->lock);
4943 		return;
4944 	}
4945 	snprintf(tmpfile, sizeof(tmpfile), "%s.tmp%u", zfilename,
4946 		(unsigned)getpid());
4947 	if(xfr->task_transfer->master->http) {
4948 		/* use the stored chunk list to write them */
4949 		if(!auth_zone_write_chunks(xfr, tmpfile)) {
4950 			unlink(tmpfile);
4951 			lock_rw_unlock(&z->lock);
4952 			return;
4953 		}
4954 	} else if(!auth_zone_write_file(z, tmpfile)) {
4955 		unlink(tmpfile);
4956 		lock_rw_unlock(&z->lock);
4957 		return;
4958 	}
4959 	if(rename(tmpfile, zfilename) < 0) {
4960 		log_err("could not rename(%s, %s): %s", tmpfile, zfilename,
4961 			strerror(errno));
4962 		unlink(tmpfile);
4963 		lock_rw_unlock(&z->lock);
4964 		return;
4965 	}
4966 	lock_rw_unlock(&z->lock);
4967 }
4968 
4969 /** process chunk list and update zone in memory,
4970  * return false if it did not work */
4971 static int
4972 xfr_process_chunk_list(struct auth_xfer* xfr, struct module_env* env,
4973 	int* ixfr_fail)
4974 {
4975 	struct auth_zone* z;
4976 
4977 	/* obtain locks and structures */
4978 	/* release xfr lock, then, while holding az->lock grab both
4979 	 * z->lock and xfr->lock */
4980 	lock_basic_unlock(&xfr->lock);
4981 	lock_rw_rdlock(&env->auth_zones->lock);
4982 	z = auth_zone_find(env->auth_zones, xfr->name, xfr->namelen,
4983 		xfr->dclass);
4984 	if(!z) {
4985 		lock_rw_unlock(&env->auth_zones->lock);
4986 		/* the zone is gone, ignore xfr results */
4987 		lock_basic_lock(&xfr->lock);
4988 		return 0;
4989 	}
4990 	lock_rw_wrlock(&z->lock);
4991 	lock_basic_lock(&xfr->lock);
4992 	lock_rw_unlock(&env->auth_zones->lock);
4993 
4994 	/* apply data */
4995 	if(xfr->task_transfer->master->http) {
4996 		if(!apply_http(xfr, z, env->scratch_buffer)) {
4997 			lock_rw_unlock(&z->lock);
4998 			verbose(VERB_ALGO, "http from %s: could not store data",
4999 				xfr->task_transfer->master->host);
5000 			return 0;
5001 		}
5002 	} else if(xfr->task_transfer->on_ixfr &&
5003 		!xfr->task_transfer->on_ixfr_is_axfr) {
5004 		if(!apply_ixfr(xfr, z, env->scratch_buffer)) {
5005 			lock_rw_unlock(&z->lock);
5006 			verbose(VERB_ALGO, "xfr from %s: could not store IXFR"
5007 				" data", xfr->task_transfer->master->host);
5008 			*ixfr_fail = 1;
5009 			return 0;
5010 		}
5011 	} else {
5012 		if(!apply_axfr(xfr, z, env->scratch_buffer)) {
5013 			lock_rw_unlock(&z->lock);
5014 			verbose(VERB_ALGO, "xfr from %s: could not store AXFR"
5015 				" data", xfr->task_transfer->master->host);
5016 			return 0;
5017 		}
5018 	}
5019 	xfr->zone_expired = 0;
5020 	z->zone_expired = 0;
5021 	if(!xfr_find_soa(z, xfr)) {
5022 		lock_rw_unlock(&z->lock);
5023 		verbose(VERB_ALGO, "xfr from %s: no SOA in zone after update"
5024 			" (or malformed RR)", xfr->task_transfer->master->host);
5025 		return 0;
5026 	}
5027 	if(xfr->have_zone)
5028 		xfr->lease_time = *env->now;
5029 
5030 	if(z->rpz)
5031 		rpz_finish_config(z->rpz);
5032 
5033 	/* unlock */
5034 	lock_rw_unlock(&z->lock);
5035 
5036 	if(verbosity >= VERB_QUERY && xfr->have_zone) {
5037 		char zname[256];
5038 		dname_str(xfr->name, zname);
5039 		verbose(VERB_QUERY, "auth zone %s updated to serial %u", zname,
5040 			(unsigned)xfr->serial);
5041 	}
5042 	/* see if we need to write to a zonefile */
5043 	xfr_write_after_update(xfr, env);
5044 	return 1;
5045 }
5046 
5047 /** disown task_transfer.  caller must hold xfr.lock */
5048 static void
5049 xfr_transfer_disown(struct auth_xfer* xfr)
5050 {
5051 	/* remove timer (from this worker's event base) */
5052 	comm_timer_delete(xfr->task_transfer->timer);
5053 	xfr->task_transfer->timer = NULL;
5054 	/* remove the commpoint */
5055 	comm_point_delete(xfr->task_transfer->cp);
5056 	xfr->task_transfer->cp = NULL;
5057 	/* we don't own this item anymore */
5058 	xfr->task_transfer->worker = NULL;
5059 	xfr->task_transfer->env = NULL;
5060 }
5061 
5062 /** lookup a host name for its addresses, if needed */
5063 static int
5064 xfr_transfer_lookup_host(struct auth_xfer* xfr, struct module_env* env)
5065 {
5066 	struct sockaddr_storage addr;
5067 	socklen_t addrlen = 0;
5068 	struct auth_master* master = xfr->task_transfer->lookup_target;
5069 	struct query_info qinfo;
5070 	uint16_t qflags = BIT_RD;
5071 	uint8_t dname[LDNS_MAX_DOMAINLEN+1];
5072 	struct edns_data edns;
5073 	sldns_buffer* buf = env->scratch_buffer;
5074 	if(!master) return 0;
5075 	if(extstrtoaddr(master->host, &addr, &addrlen)) {
5076 		/* not needed, host is in IP addr format */
5077 		return 0;
5078 	}
5079 	if(master->allow_notify)
5080 		return 0; /* allow-notifies are not transferred from, no
5081 		lookup is needed */
5082 
5083 	/* use mesh_new_callback to probe for non-addr hosts,
5084 	 * and then wait for them to be looked up (in cache, or query) */
5085 	qinfo.qname_len = sizeof(dname);
5086 	if(sldns_str2wire_dname_buf(master->host, dname, &qinfo.qname_len)
5087 		!= 0) {
5088 		log_err("cannot parse host name of master %s", master->host);
5089 		return 0;
5090 	}
5091 	qinfo.qname = dname;
5092 	qinfo.qclass = xfr->dclass;
5093 	qinfo.qtype = LDNS_RR_TYPE_A;
5094 	if(xfr->task_transfer->lookup_aaaa)
5095 		qinfo.qtype = LDNS_RR_TYPE_AAAA;
5096 	qinfo.local_alias = NULL;
5097 	if(verbosity >= VERB_ALGO) {
5098 		char buf1[512];
5099 		char buf2[LDNS_MAX_DOMAINLEN+1];
5100 		dname_str(xfr->name, buf2);
5101 		snprintf(buf1, sizeof(buf1), "auth zone %s: master lookup"
5102 			" for task_transfer", buf2);
5103 		log_query_info(VERB_ALGO, buf1, &qinfo);
5104 	}
5105 	edns.edns_present = 1;
5106 	edns.ext_rcode = 0;
5107 	edns.edns_version = 0;
5108 	edns.bits = EDNS_DO;
5109 	edns.opt_list = NULL;
5110 	if(sldns_buffer_capacity(buf) < 65535)
5111 		edns.udp_size = (uint16_t)sldns_buffer_capacity(buf);
5112 	else	edns.udp_size = 65535;
5113 
5114 	/* unlock xfr during mesh_new_callback() because the callback can be
5115 	 * called straight away */
5116 	lock_basic_unlock(&xfr->lock);
5117 	if(!mesh_new_callback(env->mesh, &qinfo, qflags, &edns, buf, 0,
5118 		&auth_xfer_transfer_lookup_callback, xfr)) {
5119 		lock_basic_lock(&xfr->lock);
5120 		log_err("out of memory lookup up master %s", master->host);
5121 		return 0;
5122 	}
5123 	lock_basic_lock(&xfr->lock);
5124 	return 1;
5125 }
5126 
5127 /** initiate TCP to the target and fetch zone.
5128  * returns true if that was successfully started, and timeout setup. */
5129 static int
5130 xfr_transfer_init_fetch(struct auth_xfer* xfr, struct module_env* env)
5131 {
5132 	struct sockaddr_storage addr;
5133 	socklen_t addrlen = 0;
5134 	struct auth_master* master = xfr->task_transfer->master;
5135 	char *auth_name = NULL;
5136 	struct timeval t;
5137 	int timeout;
5138 	if(!master) return 0;
5139 	if(master->allow_notify) return 0; /* only for notify */
5140 
5141 	/* get master addr */
5142 	if(xfr->task_transfer->scan_addr) {
5143 		addrlen = xfr->task_transfer->scan_addr->addrlen;
5144 		memmove(&addr, &xfr->task_transfer->scan_addr->addr, addrlen);
5145 	} else {
5146 		if(!authextstrtoaddr(master->host, &addr, &addrlen, &auth_name)) {
5147 			/* the ones that are not in addr format are supposed
5148 			 * to be looked up.  The lookup has failed however,
5149 			 * so skip them */
5150 			char zname[255+1];
5151 			dname_str(xfr->name, zname);
5152 			log_err("%s: failed lookup, cannot transfer from master %s",
5153 				zname, master->host);
5154 			return 0;
5155 		}
5156 	}
5157 
5158 	/* remove previous TCP connection (if any) */
5159 	if(xfr->task_transfer->cp) {
5160 		comm_point_delete(xfr->task_transfer->cp);
5161 		xfr->task_transfer->cp = NULL;
5162 	}
5163 	if(!xfr->task_transfer->timer) {
5164 		xfr->task_transfer->timer = comm_timer_create(env->worker_base,
5165 			auth_xfer_transfer_timer_callback, xfr);
5166 		if(!xfr->task_transfer->timer) {
5167 			log_err("malloc failure");
5168 			return 0;
5169 		}
5170 	}
5171 	timeout = AUTH_TRANSFER_TIMEOUT;
5172 #ifndef S_SPLINT_S
5173         t.tv_sec = timeout/1000;
5174         t.tv_usec = (timeout%1000)*1000;
5175 #endif
5176 
5177 	if(master->http) {
5178 		/* perform http fetch */
5179 		/* store http port number into sockaddr,
5180 		 * unless someone used unbound's host@port notation */
5181 		xfr->task_transfer->on_ixfr = 0;
5182 		if(strchr(master->host, '@') == NULL)
5183 			sockaddr_store_port(&addr, addrlen, master->port);
5184 		xfr->task_transfer->cp = outnet_comm_point_for_http(
5185 			env->outnet, auth_xfer_transfer_http_callback, xfr,
5186 			&addr, addrlen, -1, master->ssl, master->host,
5187 			master->file);
5188 		if(!xfr->task_transfer->cp) {
5189 			char zname[255+1], as[256];
5190 			dname_str(xfr->name, zname);
5191 			addr_to_str(&addr, addrlen, as, sizeof(as));
5192 			verbose(VERB_ALGO, "cannot create http cp "
5193 				"connection for %s to %s", zname, as);
5194 			return 0;
5195 		}
5196 		comm_timer_set(xfr->task_transfer->timer, &t);
5197 		if(verbosity >= VERB_ALGO) {
5198 			char zname[255+1], as[256];
5199 			dname_str(xfr->name, zname);
5200 			addr_to_str(&addr, addrlen, as, sizeof(as));
5201 			verbose(VERB_ALGO, "auth zone %s transfer next HTTP fetch from %s started", zname, as);
5202 		}
5203 		return 1;
5204 	}
5205 
5206 	/* perform AXFR/IXFR */
5207 	/* set the packet to be written */
5208 	/* create new ID */
5209 	xfr->task_transfer->id = (uint16_t)(ub_random(env->rnd)&0xffff);
5210 	xfr_create_ixfr_packet(xfr, env->scratch_buffer,
5211 		xfr->task_transfer->id, master);
5212 
5213 	/* connect on fd */
5214 	xfr->task_transfer->cp = outnet_comm_point_for_tcp(env->outnet,
5215 		auth_xfer_transfer_tcp_callback, xfr, &addr, addrlen,
5216 		env->scratch_buffer, -1,
5217 		auth_name != NULL, auth_name);
5218 	if(!xfr->task_transfer->cp) {
5219 		char zname[255+1], as[256];
5220  		dname_str(xfr->name, zname);
5221 		addr_to_str(&addr, addrlen, as, sizeof(as));
5222 		verbose(VERB_ALGO, "cannot create tcp cp connection for "
5223 			"xfr %s to %s", zname, as);
5224 		return 0;
5225 	}
5226 	comm_timer_set(xfr->task_transfer->timer, &t);
5227 	if(verbosity >= VERB_ALGO) {
5228 		char zname[255+1], as[256];
5229  		dname_str(xfr->name, zname);
5230 		addr_to_str(&addr, addrlen, as, sizeof(as));
5231 		verbose(VERB_ALGO, "auth zone %s transfer next %s fetch from %s started", zname,
5232 			(xfr->task_transfer->on_ixfr?"IXFR":"AXFR"), as);
5233 	}
5234 	return 1;
5235 }
5236 
5237 /** perform next lookup, next transfer TCP, or end and resume wait time task */
5238 static void
5239 xfr_transfer_nexttarget_or_end(struct auth_xfer* xfr, struct module_env* env)
5240 {
5241 	log_assert(xfr->task_transfer->worker == env->worker);
5242 
5243 	/* are we performing lookups? */
5244 	while(xfr->task_transfer->lookup_target) {
5245 		if(xfr_transfer_lookup_host(xfr, env)) {
5246 			/* wait for lookup to finish,
5247 			 * note that the hostname may be in unbound's cache
5248 			 * and we may then get an instant cache response,
5249 			 * and that calls the callback just like a full
5250 			 * lookup and lookup failures also call callback */
5251 			if(verbosity >= VERB_ALGO) {
5252 				char zname[255+1];
5253 				dname_str(xfr->name, zname);
5254 				verbose(VERB_ALGO, "auth zone %s transfer next target lookup", zname);
5255 			}
5256 			lock_basic_unlock(&xfr->lock);
5257 			return;
5258 		}
5259 		xfr_transfer_move_to_next_lookup(xfr, env);
5260 	}
5261 
5262 	/* initiate TCP and fetch the zone from the master */
5263 	/* and set timeout on it */
5264 	while(!xfr_transfer_end_of_list(xfr)) {
5265 		xfr->task_transfer->master = xfr_transfer_current_master(xfr);
5266 		if(xfr_transfer_init_fetch(xfr, env)) {
5267 			/* successfully started, wait for callback */
5268 			lock_basic_unlock(&xfr->lock);
5269 			return;
5270 		}
5271 		/* failed to fetch, next master */
5272 		xfr_transfer_nextmaster(xfr);
5273 	}
5274 	if(verbosity >= VERB_ALGO) {
5275 		char zname[255+1];
5276 		dname_str(xfr->name, zname);
5277 		verbose(VERB_ALGO, "auth zone %s transfer failed, wait", zname);
5278 	}
5279 
5280 	/* we failed to fetch the zone, move to wait task
5281 	 * use the shorter retry timeout */
5282 	xfr_transfer_disown(xfr);
5283 
5284 	/* pick up the nextprobe task and wait */
5285 	if(xfr->task_nextprobe->worker == NULL)
5286 		xfr_set_timeout(xfr, env, 1, 0);
5287 	lock_basic_unlock(&xfr->lock);
5288 }
5289 
5290 /** add addrs from A or AAAA rrset to the master */
5291 static void
5292 xfr_master_add_addrs(struct auth_master* m, struct ub_packed_rrset_key* rrset,
5293 	uint16_t rrtype)
5294 {
5295 	size_t i;
5296 	struct packed_rrset_data* data;
5297 	if(!m || !rrset) return;
5298 	if(rrtype != LDNS_RR_TYPE_A && rrtype != LDNS_RR_TYPE_AAAA)
5299 		return;
5300 	data = (struct packed_rrset_data*)rrset->entry.data;
5301 	for(i=0; i<data->count; i++) {
5302 		struct auth_addr* a;
5303 		size_t len = data->rr_len[i] - 2;
5304 		uint8_t* rdata = data->rr_data[i]+2;
5305 		if(rrtype == LDNS_RR_TYPE_A && len != INET_SIZE)
5306 			continue; /* wrong length for A */
5307 		if(rrtype == LDNS_RR_TYPE_AAAA && len != INET6_SIZE)
5308 			continue; /* wrong length for AAAA */
5309 
5310 		/* add and alloc it */
5311 		a = (struct auth_addr*)calloc(1, sizeof(*a));
5312 		if(!a) {
5313 			log_err("out of memory");
5314 			return;
5315 		}
5316 		if(rrtype == LDNS_RR_TYPE_A) {
5317 			struct sockaddr_in* sa;
5318 			a->addrlen = (socklen_t)sizeof(*sa);
5319 			sa = (struct sockaddr_in*)&a->addr;
5320 			sa->sin_family = AF_INET;
5321 			sa->sin_port = (in_port_t)htons(UNBOUND_DNS_PORT);
5322 			memmove(&sa->sin_addr, rdata, INET_SIZE);
5323 		} else {
5324 			struct sockaddr_in6* sa;
5325 			a->addrlen = (socklen_t)sizeof(*sa);
5326 			sa = (struct sockaddr_in6*)&a->addr;
5327 			sa->sin6_family = AF_INET6;
5328 			sa->sin6_port = (in_port_t)htons(UNBOUND_DNS_PORT);
5329 			memmove(&sa->sin6_addr, rdata, INET6_SIZE);
5330 		}
5331 		if(verbosity >= VERB_ALGO) {
5332 			char s[64];
5333 			addr_to_str(&a->addr, a->addrlen, s, sizeof(s));
5334 			verbose(VERB_ALGO, "auth host %s lookup %s",
5335 				m->host, s);
5336 		}
5337 		/* append to list */
5338 		a->next = m->list;
5339 		m->list = a;
5340 	}
5341 }
5342 
5343 /** callback for task_transfer lookup of host name, of A or AAAA */
5344 void auth_xfer_transfer_lookup_callback(void* arg, int rcode, sldns_buffer* buf,
5345 	enum sec_status ATTR_UNUSED(sec), char* ATTR_UNUSED(why_bogus),
5346 	int ATTR_UNUSED(was_ratelimited))
5347 {
5348 	struct auth_xfer* xfr = (struct auth_xfer*)arg;
5349 	struct module_env* env;
5350 	log_assert(xfr->task_transfer);
5351 	lock_basic_lock(&xfr->lock);
5352 	env = xfr->task_transfer->env;
5353 	if(!env || env->outnet->want_to_quit) {
5354 		lock_basic_unlock(&xfr->lock);
5355 		return; /* stop on quit */
5356 	}
5357 
5358 	/* process result */
5359 	if(rcode == LDNS_RCODE_NOERROR) {
5360 		uint16_t wanted_qtype = LDNS_RR_TYPE_A;
5361 		struct regional* temp = env->scratch;
5362 		struct query_info rq;
5363 		struct reply_info* rep;
5364 		if(xfr->task_transfer->lookup_aaaa)
5365 			wanted_qtype = LDNS_RR_TYPE_AAAA;
5366 		memset(&rq, 0, sizeof(rq));
5367 		rep = parse_reply_in_temp_region(buf, temp, &rq);
5368 		if(rep && rq.qtype == wanted_qtype &&
5369 			FLAGS_GET_RCODE(rep->flags) == LDNS_RCODE_NOERROR) {
5370 			/* parsed successfully */
5371 			struct ub_packed_rrset_key* answer =
5372 				reply_find_answer_rrset(&rq, rep);
5373 			if(answer) {
5374 				xfr_master_add_addrs(xfr->task_transfer->
5375 					lookup_target, answer, wanted_qtype);
5376 			} else {
5377 				if(verbosity >= VERB_ALGO) {
5378 					char zname[255+1];
5379 					dname_str(xfr->name, zname);
5380 					verbose(VERB_ALGO, "auth zone %s host %s type %s transfer lookup has nodata", zname, xfr->task_transfer->lookup_target->host, (xfr->task_transfer->lookup_aaaa?"AAAA":"A"));
5381 				}
5382 			}
5383 		} else {
5384 			if(verbosity >= VERB_ALGO) {
5385 				char zname[255+1];
5386 				dname_str(xfr->name, zname);
5387 				verbose(VERB_ALGO, "auth zone %s host %s type %s transfer lookup has no answer", zname, xfr->task_transfer->lookup_target->host, (xfr->task_transfer->lookup_aaaa?"AAAA":"A"));
5388 			}
5389 		}
5390 		regional_free_all(temp);
5391 	} else {
5392 		if(verbosity >= VERB_ALGO) {
5393 			char zname[255+1];
5394 			dname_str(xfr->name, zname);
5395 			verbose(VERB_ALGO, "auth zone %s host %s type %s transfer lookup failed", zname, xfr->task_transfer->lookup_target->host, (xfr->task_transfer->lookup_aaaa?"AAAA":"A"));
5396 		}
5397 	}
5398 	if(xfr->task_transfer->lookup_target->list &&
5399 		xfr->task_transfer->lookup_target == xfr_transfer_current_master(xfr))
5400 		xfr->task_transfer->scan_addr = xfr->task_transfer->lookup_target->list;
5401 
5402 	/* move to lookup AAAA after A lookup, move to next hostname lookup,
5403 	 * or move to fetch the zone, or, if nothing to do, end task_transfer */
5404 	xfr_transfer_move_to_next_lookup(xfr, env);
5405 	xfr_transfer_nexttarget_or_end(xfr, env);
5406 }
5407 
5408 /** check if xfer (AXFR or IXFR) packet is OK.
5409  * return false if we lost connection (SERVFAIL, or unreadable).
5410  * return false if we need to move from IXFR to AXFR, with gonextonfail
5411  * 	set to false, so the same master is tried again, but with AXFR.
5412  * return true if fine to link into data.
5413  * return true with transferdone=true when the transfer has ended.
5414  */
5415 static int
5416 check_xfer_packet(sldns_buffer* pkt, struct auth_xfer* xfr,
5417 	int* gonextonfail, int* transferdone)
5418 {
5419 	uint8_t* wire = sldns_buffer_begin(pkt);
5420 	int i;
5421 	if(sldns_buffer_limit(pkt) < LDNS_HEADER_SIZE) {
5422 		verbose(VERB_ALGO, "xfr to %s failed, packet too small",
5423 			xfr->task_transfer->master->host);
5424 		return 0;
5425 	}
5426 	if(!LDNS_QR_WIRE(wire)) {
5427 		verbose(VERB_ALGO, "xfr to %s failed, packet has no QR flag",
5428 			xfr->task_transfer->master->host);
5429 		return 0;
5430 	}
5431 	if(LDNS_TC_WIRE(wire)) {
5432 		verbose(VERB_ALGO, "xfr to %s failed, packet has TC flag",
5433 			xfr->task_transfer->master->host);
5434 		return 0;
5435 	}
5436 	/* check ID */
5437 	if(LDNS_ID_WIRE(wire) != xfr->task_transfer->id) {
5438 		verbose(VERB_ALGO, "xfr to %s failed, packet wrong ID",
5439 			xfr->task_transfer->master->host);
5440 		return 0;
5441 	}
5442 	if(LDNS_RCODE_WIRE(wire) != LDNS_RCODE_NOERROR) {
5443 		char rcode[32];
5444 		sldns_wire2str_rcode_buf((int)LDNS_RCODE_WIRE(wire), rcode,
5445 			sizeof(rcode));
5446 		/* if we are doing IXFR, check for fallback */
5447 		if(xfr->task_transfer->on_ixfr) {
5448 			if(LDNS_RCODE_WIRE(wire) == LDNS_RCODE_NOTIMPL ||
5449 				LDNS_RCODE_WIRE(wire) == LDNS_RCODE_SERVFAIL ||
5450 				LDNS_RCODE_WIRE(wire) == LDNS_RCODE_REFUSED ||
5451 				LDNS_RCODE_WIRE(wire) == LDNS_RCODE_FORMERR) {
5452 				verbose(VERB_ALGO, "xfr to %s, fallback "
5453 					"from IXFR to AXFR (with rcode %s)",
5454 					xfr->task_transfer->master->host,
5455 					rcode);
5456 				xfr->task_transfer->ixfr_fail = 1;
5457 				*gonextonfail = 0;
5458 				return 0;
5459 			}
5460 		}
5461 		verbose(VERB_ALGO, "xfr to %s failed, packet with rcode %s",
5462 			xfr->task_transfer->master->host, rcode);
5463 		return 0;
5464 	}
5465 	if(LDNS_OPCODE_WIRE(wire) != LDNS_PACKET_QUERY) {
5466 		verbose(VERB_ALGO, "xfr to %s failed, packet with bad opcode",
5467 			xfr->task_transfer->master->host);
5468 		return 0;
5469 	}
5470 	if(LDNS_QDCOUNT(wire) > 1) {
5471 		verbose(VERB_ALGO, "xfr to %s failed, packet has qdcount %d",
5472 			xfr->task_transfer->master->host,
5473 			(int)LDNS_QDCOUNT(wire));
5474 		return 0;
5475 	}
5476 
5477 	/* check qname */
5478 	sldns_buffer_set_position(pkt, LDNS_HEADER_SIZE);
5479 	for(i=0; i<(int)LDNS_QDCOUNT(wire); i++) {
5480 		size_t pos = sldns_buffer_position(pkt);
5481 		uint16_t qtype, qclass;
5482 		if(pkt_dname_len(pkt) == 0) {
5483 			verbose(VERB_ALGO, "xfr to %s failed, packet with "
5484 				"malformed dname",
5485 				xfr->task_transfer->master->host);
5486 			return 0;
5487 		}
5488 		if(dname_pkt_compare(pkt, sldns_buffer_at(pkt, pos),
5489 			xfr->name) != 0) {
5490 			verbose(VERB_ALGO, "xfr to %s failed, packet with "
5491 				"wrong qname",
5492 				xfr->task_transfer->master->host);
5493 			return 0;
5494 		}
5495 		if(sldns_buffer_remaining(pkt) < 4) {
5496 			verbose(VERB_ALGO, "xfr to %s failed, packet with "
5497 				"truncated query RR",
5498 				xfr->task_transfer->master->host);
5499 			return 0;
5500 		}
5501 		qtype = sldns_buffer_read_u16(pkt);
5502 		qclass = sldns_buffer_read_u16(pkt);
5503 		if(qclass != xfr->dclass) {
5504 			verbose(VERB_ALGO, "xfr to %s failed, packet with "
5505 				"wrong qclass",
5506 				xfr->task_transfer->master->host);
5507 			return 0;
5508 		}
5509 		if(xfr->task_transfer->on_ixfr) {
5510 			if(qtype != LDNS_RR_TYPE_IXFR) {
5511 				verbose(VERB_ALGO, "xfr to %s failed, packet "
5512 					"with wrong qtype, expected IXFR",
5513 				xfr->task_transfer->master->host);
5514 				return 0;
5515 			}
5516 		} else {
5517 			if(qtype != LDNS_RR_TYPE_AXFR) {
5518 				verbose(VERB_ALGO, "xfr to %s failed, packet "
5519 					"with wrong qtype, expected AXFR",
5520 				xfr->task_transfer->master->host);
5521 				return 0;
5522 			}
5523 		}
5524 	}
5525 
5526 	/* check parse of RRs in packet, store first SOA serial
5527 	 * to be able to detect last SOA (with that serial) to see if done */
5528 	/* also check for IXFR 'zone up to date' reply */
5529 	for(i=0; i<(int)LDNS_ANCOUNT(wire); i++) {
5530 		size_t pos = sldns_buffer_position(pkt);
5531 		uint16_t tp, rdlen;
5532 		if(pkt_dname_len(pkt) == 0) {
5533 			verbose(VERB_ALGO, "xfr to %s failed, packet with "
5534 				"malformed dname in answer section",
5535 				xfr->task_transfer->master->host);
5536 			return 0;
5537 		}
5538 		if(sldns_buffer_remaining(pkt) < 10) {
5539 			verbose(VERB_ALGO, "xfr to %s failed, packet with "
5540 				"truncated RR",
5541 				xfr->task_transfer->master->host);
5542 			return 0;
5543 		}
5544 		tp = sldns_buffer_read_u16(pkt);
5545 		(void)sldns_buffer_read_u16(pkt); /* class */
5546 		(void)sldns_buffer_read_u32(pkt); /* ttl */
5547 		rdlen = sldns_buffer_read_u16(pkt);
5548 		if(sldns_buffer_remaining(pkt) < rdlen) {
5549 			verbose(VERB_ALGO, "xfr to %s failed, packet with "
5550 				"truncated RR rdata",
5551 				xfr->task_transfer->master->host);
5552 			return 0;
5553 		}
5554 
5555 		/* RR parses (haven't checked rdata itself), now look at
5556 		 * SOA records to see serial number */
5557 		if(xfr->task_transfer->rr_scan_num == 0 &&
5558 			tp != LDNS_RR_TYPE_SOA) {
5559 			verbose(VERB_ALGO, "xfr to %s failed, packet with "
5560 				"malformed zone transfer, no start SOA",
5561 				xfr->task_transfer->master->host);
5562 			return 0;
5563 		}
5564 		if(xfr->task_transfer->rr_scan_num == 1 &&
5565 			tp != LDNS_RR_TYPE_SOA) {
5566 			/* second RR is not a SOA record, this is not an IXFR
5567 			 * the master is replying with an AXFR */
5568 			xfr->task_transfer->on_ixfr_is_axfr = 1;
5569 		}
5570 		if(tp == LDNS_RR_TYPE_SOA) {
5571 			uint32_t serial;
5572 			if(rdlen < 22) {
5573 				verbose(VERB_ALGO, "xfr to %s failed, packet "
5574 					"with SOA with malformed rdata",
5575 					xfr->task_transfer->master->host);
5576 				return 0;
5577 			}
5578 			if(dname_pkt_compare(pkt, sldns_buffer_at(pkt, pos),
5579 				xfr->name) != 0) {
5580 				verbose(VERB_ALGO, "xfr to %s failed, packet "
5581 					"with SOA with wrong dname",
5582 					xfr->task_transfer->master->host);
5583 				return 0;
5584 			}
5585 
5586 			/* read serial number of SOA */
5587 			serial = sldns_buffer_read_u32_at(pkt,
5588 				sldns_buffer_position(pkt)+rdlen-20);
5589 
5590 			/* check for IXFR 'zone has SOA x' reply */
5591 			if(xfr->task_transfer->on_ixfr &&
5592 				xfr->task_transfer->rr_scan_num == 0 &&
5593 				LDNS_ANCOUNT(wire)==1) {
5594 				verbose(VERB_ALGO, "xfr to %s ended, "
5595 					"IXFR reply that zone has serial %u,"
5596 					" fallback from IXFR to AXFR",
5597 					xfr->task_transfer->master->host,
5598 					(unsigned)serial);
5599 				xfr->task_transfer->ixfr_fail = 1;
5600 				*gonextonfail = 0;
5601 				return 0;
5602 			}
5603 
5604 			/* if first SOA, store serial number */
5605 			if(xfr->task_transfer->got_xfr_serial == 0) {
5606 				xfr->task_transfer->got_xfr_serial = 1;
5607 				xfr->task_transfer->incoming_xfr_serial =
5608 					serial;
5609 				verbose(VERB_ALGO, "xfr %s: contains "
5610 					"SOA serial %u",
5611 					xfr->task_transfer->master->host,
5612 					(unsigned)serial);
5613 			/* see if end of AXFR */
5614 			} else if(!xfr->task_transfer->on_ixfr ||
5615 				xfr->task_transfer->on_ixfr_is_axfr) {
5616 				/* second SOA with serial is the end
5617 				 * for AXFR */
5618 				*transferdone = 1;
5619 				verbose(VERB_ALGO, "xfr %s: last AXFR packet",
5620 					xfr->task_transfer->master->host);
5621 			/* for IXFR, count SOA records with that serial */
5622 			} else if(xfr->task_transfer->incoming_xfr_serial ==
5623 				serial && xfr->task_transfer->got_xfr_serial
5624 				== 1) {
5625 				xfr->task_transfer->got_xfr_serial++;
5626 			/* if not first soa, if serial==firstserial, the
5627 			 * third time we are at the end, for IXFR */
5628 			} else if(xfr->task_transfer->incoming_xfr_serial ==
5629 				serial && xfr->task_transfer->got_xfr_serial
5630 				== 2) {
5631 				verbose(VERB_ALGO, "xfr %s: last IXFR packet",
5632 					xfr->task_transfer->master->host);
5633 				*transferdone = 1;
5634 				/* continue parse check, if that succeeds,
5635 				 * transfer is done */
5636 			}
5637 		}
5638 		xfr->task_transfer->rr_scan_num++;
5639 
5640 		/* skip over RR rdata to go to the next RR */
5641 		sldns_buffer_skip(pkt, (ssize_t)rdlen);
5642 	}
5643 
5644 	/* check authority section */
5645 	/* we skip over the RRs checking packet format */
5646 	for(i=0; i<(int)LDNS_NSCOUNT(wire); i++) {
5647 		uint16_t rdlen;
5648 		if(pkt_dname_len(pkt) == 0) {
5649 			verbose(VERB_ALGO, "xfr to %s failed, packet with "
5650 				"malformed dname in authority section",
5651 				xfr->task_transfer->master->host);
5652 			return 0;
5653 		}
5654 		if(sldns_buffer_remaining(pkt) < 10) {
5655 			verbose(VERB_ALGO, "xfr to %s failed, packet with "
5656 				"truncated RR",
5657 				xfr->task_transfer->master->host);
5658 			return 0;
5659 		}
5660 		(void)sldns_buffer_read_u16(pkt); /* type */
5661 		(void)sldns_buffer_read_u16(pkt); /* class */
5662 		(void)sldns_buffer_read_u32(pkt); /* ttl */
5663 		rdlen = sldns_buffer_read_u16(pkt);
5664 		if(sldns_buffer_remaining(pkt) < rdlen) {
5665 			verbose(VERB_ALGO, "xfr to %s failed, packet with "
5666 				"truncated RR rdata",
5667 				xfr->task_transfer->master->host);
5668 			return 0;
5669 		}
5670 		/* skip over RR rdata to go to the next RR */
5671 		sldns_buffer_skip(pkt, (ssize_t)rdlen);
5672 	}
5673 
5674 	/* check additional section */
5675 	for(i=0; i<(int)LDNS_ARCOUNT(wire); i++) {
5676 		uint16_t rdlen;
5677 		if(pkt_dname_len(pkt) == 0) {
5678 			verbose(VERB_ALGO, "xfr to %s failed, packet with "
5679 				"malformed dname in additional section",
5680 				xfr->task_transfer->master->host);
5681 			return 0;
5682 		}
5683 		if(sldns_buffer_remaining(pkt) < 10) {
5684 			verbose(VERB_ALGO, "xfr to %s failed, packet with "
5685 				"truncated RR",
5686 				xfr->task_transfer->master->host);
5687 			return 0;
5688 		}
5689 		(void)sldns_buffer_read_u16(pkt); /* type */
5690 		(void)sldns_buffer_read_u16(pkt); /* class */
5691 		(void)sldns_buffer_read_u32(pkt); /* ttl */
5692 		rdlen = sldns_buffer_read_u16(pkt);
5693 		if(sldns_buffer_remaining(pkt) < rdlen) {
5694 			verbose(VERB_ALGO, "xfr to %s failed, packet with "
5695 				"truncated RR rdata",
5696 				xfr->task_transfer->master->host);
5697 			return 0;
5698 		}
5699 		/* skip over RR rdata to go to the next RR */
5700 		sldns_buffer_skip(pkt, (ssize_t)rdlen);
5701 	}
5702 
5703 	return 1;
5704 }
5705 
5706 /** Link the data from this packet into the worklist of transferred data */
5707 static int
5708 xfer_link_data(sldns_buffer* pkt, struct auth_xfer* xfr)
5709 {
5710 	/* alloc it */
5711 	struct auth_chunk* e;
5712 	e = (struct auth_chunk*)calloc(1, sizeof(*e));
5713 	if(!e) return 0;
5714 	e->next = NULL;
5715 	e->len = sldns_buffer_limit(pkt);
5716 	e->data = memdup(sldns_buffer_begin(pkt), e->len);
5717 	if(!e->data) {
5718 		free(e);
5719 		return 0;
5720 	}
5721 
5722 	/* alloc succeeded, link into list */
5723 	if(!xfr->task_transfer->chunks_first)
5724 		xfr->task_transfer->chunks_first = e;
5725 	if(xfr->task_transfer->chunks_last)
5726 		xfr->task_transfer->chunks_last->next = e;
5727 	xfr->task_transfer->chunks_last = e;
5728 	return 1;
5729 }
5730 
5731 /** task transfer.  the list of data is complete. process it and if failed
5732  * move to next master, if succeeded, end the task transfer */
5733 static void
5734 process_list_end_transfer(struct auth_xfer* xfr, struct module_env* env)
5735 {
5736 	int ixfr_fail = 0;
5737 	if(xfr_process_chunk_list(xfr, env, &ixfr_fail)) {
5738 		/* it worked! */
5739 		auth_chunks_delete(xfr->task_transfer);
5740 
5741 		/* we fetched the zone, move to wait task */
5742 		xfr_transfer_disown(xfr);
5743 
5744 		if(xfr->notify_received && (!xfr->notify_has_serial ||
5745 			(xfr->notify_has_serial &&
5746 			xfr_serial_means_update(xfr, xfr->notify_serial)))) {
5747 			uint32_t sr = xfr->notify_serial;
5748 			int has_sr = xfr->notify_has_serial;
5749 			/* we received a notify while probe/transfer was
5750 			 * in progress.  start a new probe and transfer */
5751 			xfr->notify_received = 0;
5752 			xfr->notify_has_serial = 0;
5753 			xfr->notify_serial = 0;
5754 			if(!xfr_start_probe(xfr, env, NULL)) {
5755 				/* if we couldn't start it, already in
5756 				 * progress; restore notify serial,
5757 				 * while xfr still locked */
5758 				xfr->notify_received = 1;
5759 				xfr->notify_has_serial = has_sr;
5760 				xfr->notify_serial = sr;
5761 				lock_basic_unlock(&xfr->lock);
5762 			}
5763 			return;
5764 		} else {
5765 			/* pick up the nextprobe task and wait (normail wait time) */
5766 			if(xfr->task_nextprobe->worker == NULL)
5767 				xfr_set_timeout(xfr, env, 0, 0);
5768 		}
5769 		lock_basic_unlock(&xfr->lock);
5770 		return;
5771 	}
5772 	/* processing failed */
5773 	/* when done, delete data from list */
5774 	auth_chunks_delete(xfr->task_transfer);
5775 	if(ixfr_fail) {
5776 		xfr->task_transfer->ixfr_fail = 1;
5777 	} else {
5778 		xfr_transfer_nextmaster(xfr);
5779 	}
5780 	xfr_transfer_nexttarget_or_end(xfr, env);
5781 }
5782 
5783 /** callback for the task_transfer timer */
5784 void
5785 auth_xfer_transfer_timer_callback(void* arg)
5786 {
5787 	struct auth_xfer* xfr = (struct auth_xfer*)arg;
5788 	struct module_env* env;
5789 	int gonextonfail = 1;
5790 	log_assert(xfr->task_transfer);
5791 	lock_basic_lock(&xfr->lock);
5792 	env = xfr->task_transfer->env;
5793 	if(!env || env->outnet->want_to_quit) {
5794 		lock_basic_unlock(&xfr->lock);
5795 		return; /* stop on quit */
5796 	}
5797 
5798 	verbose(VERB_ALGO, "xfr stopped, connection timeout to %s",
5799 		xfr->task_transfer->master->host);
5800 
5801 	/* see if IXFR caused the failure, if so, try AXFR */
5802 	if(xfr->task_transfer->on_ixfr) {
5803 		xfr->task_transfer->ixfr_possible_timeout_count++;
5804 		if(xfr->task_transfer->ixfr_possible_timeout_count >=
5805 			NUM_TIMEOUTS_FALLBACK_IXFR) {
5806 			verbose(VERB_ALGO, "xfr to %s, fallback "
5807 				"from IXFR to AXFR (because of timeouts)",
5808 				xfr->task_transfer->master->host);
5809 			xfr->task_transfer->ixfr_fail = 1;
5810 			gonextonfail = 0;
5811 		}
5812 	}
5813 
5814 	/* delete transferred data from list */
5815 	auth_chunks_delete(xfr->task_transfer);
5816 	comm_point_delete(xfr->task_transfer->cp);
5817 	xfr->task_transfer->cp = NULL;
5818 	if(gonextonfail)
5819 		xfr_transfer_nextmaster(xfr);
5820 	xfr_transfer_nexttarget_or_end(xfr, env);
5821 }
5822 
5823 /** callback for task_transfer tcp connections */
5824 int
5825 auth_xfer_transfer_tcp_callback(struct comm_point* c, void* arg, int err,
5826 	struct comm_reply* ATTR_UNUSED(repinfo))
5827 {
5828 	struct auth_xfer* xfr = (struct auth_xfer*)arg;
5829 	struct module_env* env;
5830 	int gonextonfail = 1;
5831 	int transferdone = 0;
5832 	log_assert(xfr->task_transfer);
5833 	lock_basic_lock(&xfr->lock);
5834 	env = xfr->task_transfer->env;
5835 	if(!env || env->outnet->want_to_quit) {
5836 		lock_basic_unlock(&xfr->lock);
5837 		return 0; /* stop on quit */
5838 	}
5839 	/* stop the timer */
5840 	comm_timer_disable(xfr->task_transfer->timer);
5841 
5842 	if(err != NETEVENT_NOERROR) {
5843 		/* connection failed, closed, or timeout */
5844 		/* stop this transfer, cleanup
5845 		 * and continue task_transfer*/
5846 		verbose(VERB_ALGO, "xfr stopped, connection lost to %s",
5847 			xfr->task_transfer->master->host);
5848 
5849 		/* see if IXFR caused the failure, if so, try AXFR */
5850 		if(xfr->task_transfer->on_ixfr) {
5851 			xfr->task_transfer->ixfr_possible_timeout_count++;
5852 			if(xfr->task_transfer->ixfr_possible_timeout_count >=
5853 				NUM_TIMEOUTS_FALLBACK_IXFR) {
5854 				verbose(VERB_ALGO, "xfr to %s, fallback "
5855 					"from IXFR to AXFR (because of timeouts)",
5856 					xfr->task_transfer->master->host);
5857 				xfr->task_transfer->ixfr_fail = 1;
5858 				gonextonfail = 0;
5859 			}
5860 		}
5861 
5862 	failed:
5863 		/* delete transferred data from list */
5864 		auth_chunks_delete(xfr->task_transfer);
5865 		comm_point_delete(xfr->task_transfer->cp);
5866 		xfr->task_transfer->cp = NULL;
5867 		if(gonextonfail)
5868 			xfr_transfer_nextmaster(xfr);
5869 		xfr_transfer_nexttarget_or_end(xfr, env);
5870 		return 0;
5871 	}
5872 	/* note that IXFR worked without timeout */
5873 	if(xfr->task_transfer->on_ixfr)
5874 		xfr->task_transfer->ixfr_possible_timeout_count = 0;
5875 
5876 	/* handle returned packet */
5877 	/* if it fails, cleanup and end this transfer */
5878 	/* if it needs to fallback from IXFR to AXFR, do that */
5879 	if(!check_xfer_packet(c->buffer, xfr, &gonextonfail, &transferdone)) {
5880 		goto failed;
5881 	}
5882 	/* if it is good, link it into the list of data */
5883 	/* if the link into list of data fails (malloc fail) cleanup and end */
5884 	if(!xfer_link_data(c->buffer, xfr)) {
5885 		verbose(VERB_ALGO, "xfr stopped to %s, malloc failed",
5886 			xfr->task_transfer->master->host);
5887 		goto failed;
5888 	}
5889 	/* if the transfer is done now, disconnect and process the list */
5890 	if(transferdone) {
5891 		comm_point_delete(xfr->task_transfer->cp);
5892 		xfr->task_transfer->cp = NULL;
5893 		process_list_end_transfer(xfr, env);
5894 		return 0;
5895 	}
5896 
5897 	/* if we want to read more messages, setup the commpoint to read
5898 	 * a DNS packet, and the timeout */
5899 	lock_basic_unlock(&xfr->lock);
5900 	c->tcp_is_reading = 1;
5901 	sldns_buffer_clear(c->buffer);
5902 	comm_point_start_listening(c, -1, AUTH_TRANSFER_TIMEOUT);
5903 	return 0;
5904 }
5905 
5906 /** callback for task_transfer http connections */
5907 int
5908 auth_xfer_transfer_http_callback(struct comm_point* c, void* arg, int err,
5909 	struct comm_reply* repinfo)
5910 {
5911 	struct auth_xfer* xfr = (struct auth_xfer*)arg;
5912 	struct module_env* env;
5913 	log_assert(xfr->task_transfer);
5914 	lock_basic_lock(&xfr->lock);
5915 	env = xfr->task_transfer->env;
5916 	if(!env || env->outnet->want_to_quit) {
5917 		lock_basic_unlock(&xfr->lock);
5918 		return 0; /* stop on quit */
5919 	}
5920 	verbose(VERB_ALGO, "auth zone transfer http callback");
5921 	/* stop the timer */
5922 	comm_timer_disable(xfr->task_transfer->timer);
5923 
5924 	if(err != NETEVENT_NOERROR && err != NETEVENT_DONE) {
5925 		/* connection failed, closed, or timeout */
5926 		/* stop this transfer, cleanup
5927 		 * and continue task_transfer*/
5928 		verbose(VERB_ALGO, "http stopped, connection lost to %s",
5929 			xfr->task_transfer->master->host);
5930 	failed:
5931 		/* delete transferred data from list */
5932 		auth_chunks_delete(xfr->task_transfer);
5933 		if(repinfo) repinfo->c = NULL; /* signal cp deleted to
5934 				the routine calling this callback */
5935 		comm_point_delete(xfr->task_transfer->cp);
5936 		xfr->task_transfer->cp = NULL;
5937 		xfr_transfer_nextmaster(xfr);
5938 		xfr_transfer_nexttarget_or_end(xfr, env);
5939 		return 0;
5940 	}
5941 
5942 	/* if it is good, link it into the list of data */
5943 	/* if the link into list of data fails (malloc fail) cleanup and end */
5944 	if(sldns_buffer_limit(c->buffer) > 0) {
5945 		verbose(VERB_ALGO, "auth zone http queued up %d bytes",
5946 			(int)sldns_buffer_limit(c->buffer));
5947 		if(!xfer_link_data(c->buffer, xfr)) {
5948 			verbose(VERB_ALGO, "http stopped to %s, malloc failed",
5949 				xfr->task_transfer->master->host);
5950 			goto failed;
5951 		}
5952 	}
5953 	/* if the transfer is done now, disconnect and process the list */
5954 	if(err == NETEVENT_DONE) {
5955 		if(repinfo) repinfo->c = NULL; /* signal cp deleted to
5956 				the routine calling this callback */
5957 		comm_point_delete(xfr->task_transfer->cp);
5958 		xfr->task_transfer->cp = NULL;
5959 		process_list_end_transfer(xfr, env);
5960 		return 0;
5961 	}
5962 
5963 	/* if we want to read more messages, setup the commpoint to read
5964 	 * a DNS packet, and the timeout */
5965 	lock_basic_unlock(&xfr->lock);
5966 	c->tcp_is_reading = 1;
5967 	sldns_buffer_clear(c->buffer);
5968 	comm_point_start_listening(c, -1, AUTH_TRANSFER_TIMEOUT);
5969 	return 0;
5970 }
5971 
5972 
5973 /** start transfer task by this worker , xfr is locked. */
5974 static void
5975 xfr_start_transfer(struct auth_xfer* xfr, struct module_env* env,
5976 	struct auth_master* master)
5977 {
5978 	log_assert(xfr->task_transfer != NULL);
5979 	log_assert(xfr->task_transfer->worker == NULL);
5980 	log_assert(xfr->task_transfer->chunks_first == NULL);
5981 	log_assert(xfr->task_transfer->chunks_last == NULL);
5982 	xfr->task_transfer->worker = env->worker;
5983 	xfr->task_transfer->env = env;
5984 
5985 	/* init transfer process */
5986 	/* find that master in the transfer's list of masters? */
5987 	xfr_transfer_start_list(xfr, master);
5988 	/* start lookup for hostnames in transfer master list */
5989 	xfr_transfer_start_lookups(xfr);
5990 
5991 	/* initiate TCP, and set timeout on it */
5992 	xfr_transfer_nexttarget_or_end(xfr, env);
5993 }
5994 
5995 /** disown task_probe.  caller must hold xfr.lock */
5996 static void
5997 xfr_probe_disown(struct auth_xfer* xfr)
5998 {
5999 	/* remove timer (from this worker's event base) */
6000 	comm_timer_delete(xfr->task_probe->timer);
6001 	xfr->task_probe->timer = NULL;
6002 	/* remove the commpoint */
6003 	comm_point_delete(xfr->task_probe->cp);
6004 	xfr->task_probe->cp = NULL;
6005 	/* we don't own this item anymore */
6006 	xfr->task_probe->worker = NULL;
6007 	xfr->task_probe->env = NULL;
6008 }
6009 
6010 /** send the UDP probe to the master, this is part of task_probe */
6011 static int
6012 xfr_probe_send_probe(struct auth_xfer* xfr, struct module_env* env,
6013 	int timeout)
6014 {
6015 	struct sockaddr_storage addr;
6016 	socklen_t addrlen = 0;
6017 	struct timeval t;
6018 	/* pick master */
6019 	struct auth_master* master = xfr_probe_current_master(xfr);
6020 	char *auth_name = NULL;
6021 	if(!master) return 0;
6022 	if(master->allow_notify) return 0; /* only for notify */
6023 	if(master->http) return 0; /* only masters get SOA UDP probe,
6024 		not urls, if those are in this list */
6025 
6026 	/* get master addr */
6027 	if(xfr->task_probe->scan_addr) {
6028 		addrlen = xfr->task_probe->scan_addr->addrlen;
6029 		memmove(&addr, &xfr->task_probe->scan_addr->addr, addrlen);
6030 	} else {
6031 		if(!authextstrtoaddr(master->host, &addr, &addrlen, &auth_name)) {
6032 			/* the ones that are not in addr format are supposed
6033 			 * to be looked up.  The lookup has failed however,
6034 			 * so skip them */
6035 			char zname[255+1];
6036 			dname_str(xfr->name, zname);
6037 			log_err("%s: failed lookup, cannot probe to master %s",
6038 				zname, master->host);
6039 			return 0;
6040 		}
6041 		if (auth_name != NULL) {
6042 			if (addr.ss_family == AF_INET
6043 			&&  (int)ntohs(((struct sockaddr_in *)&addr)->sin_port)
6044 		            == env->cfg->ssl_port)
6045 				((struct sockaddr_in *)&addr)->sin_port
6046 					= htons((uint16_t)env->cfg->port);
6047 			else if (addr.ss_family == AF_INET6
6048 			&&  (int)ntohs(((struct sockaddr_in6 *)&addr)->sin6_port)
6049 		            == env->cfg->ssl_port)
6050                         	((struct sockaddr_in6 *)&addr)->sin6_port
6051 					= htons((uint16_t)env->cfg->port);
6052 		}
6053 	}
6054 
6055 	/* create packet */
6056 	/* create new ID for new probes, but not on timeout retries,
6057 	 * this means we'll accept replies to previous retries to same ip */
6058 	if(timeout == AUTH_PROBE_TIMEOUT)
6059 		xfr->task_probe->id = (uint16_t)(ub_random(env->rnd)&0xffff);
6060 	xfr_create_soa_probe_packet(xfr, env->scratch_buffer,
6061 		xfr->task_probe->id);
6062 	/* we need to remove the cp if we have a different ip4/ip6 type now */
6063 	if(xfr->task_probe->cp &&
6064 		((xfr->task_probe->cp_is_ip6 && !addr_is_ip6(&addr, addrlen)) ||
6065 		(!xfr->task_probe->cp_is_ip6 && addr_is_ip6(&addr, addrlen)))
6066 		) {
6067 		comm_point_delete(xfr->task_probe->cp);
6068 		xfr->task_probe->cp = NULL;
6069 	}
6070 	if(!xfr->task_probe->cp) {
6071 		if(addr_is_ip6(&addr, addrlen))
6072 			xfr->task_probe->cp_is_ip6 = 1;
6073 		else 	xfr->task_probe->cp_is_ip6 = 0;
6074 		xfr->task_probe->cp = outnet_comm_point_for_udp(env->outnet,
6075 			auth_xfer_probe_udp_callback, xfr, &addr, addrlen);
6076 		if(!xfr->task_probe->cp) {
6077 			char zname[255+1], as[256];
6078 			dname_str(xfr->name, zname);
6079 			addr_to_str(&addr, addrlen, as, sizeof(as));
6080 			verbose(VERB_ALGO, "cannot create udp cp for "
6081 				"probe %s to %s", zname, as);
6082 			return 0;
6083 		}
6084 	}
6085 	if(!xfr->task_probe->timer) {
6086 		xfr->task_probe->timer = comm_timer_create(env->worker_base,
6087 			auth_xfer_probe_timer_callback, xfr);
6088 		if(!xfr->task_probe->timer) {
6089 			log_err("malloc failure");
6090 			return 0;
6091 		}
6092 	}
6093 
6094 	/* send udp packet */
6095 	if(!comm_point_send_udp_msg(xfr->task_probe->cp, env->scratch_buffer,
6096 		(struct sockaddr*)&addr, addrlen, 0)) {
6097 		char zname[255+1], as[256];
6098 		dname_str(xfr->name, zname);
6099 		addr_to_str(&addr, addrlen, as, sizeof(as));
6100 		verbose(VERB_ALGO, "failed to send soa probe for %s to %s",
6101 			zname, as);
6102 		return 0;
6103 	}
6104 	if(verbosity >= VERB_ALGO) {
6105 		char zname[255+1], as[256];
6106 		dname_str(xfr->name, zname);
6107 		addr_to_str(&addr, addrlen, as, sizeof(as));
6108 		verbose(VERB_ALGO, "auth zone %s soa probe sent to %s", zname,
6109 			as);
6110 	}
6111 	xfr->task_probe->timeout = timeout;
6112 #ifndef S_SPLINT_S
6113 	t.tv_sec = timeout/1000;
6114 	t.tv_usec = (timeout%1000)*1000;
6115 #endif
6116 	comm_timer_set(xfr->task_probe->timer, &t);
6117 
6118 	return 1;
6119 }
6120 
6121 /** callback for task_probe timer */
6122 void
6123 auth_xfer_probe_timer_callback(void* arg)
6124 {
6125 	struct auth_xfer* xfr = (struct auth_xfer*)arg;
6126 	struct module_env* env;
6127 	log_assert(xfr->task_probe);
6128 	lock_basic_lock(&xfr->lock);
6129 	env = xfr->task_probe->env;
6130 	if(!env || env->outnet->want_to_quit) {
6131 		lock_basic_unlock(&xfr->lock);
6132 		return; /* stop on quit */
6133 	}
6134 
6135 	if(verbosity >= VERB_ALGO) {
6136 		char zname[255+1];
6137 		dname_str(xfr->name, zname);
6138 		verbose(VERB_ALGO, "auth zone %s soa probe timeout", zname);
6139 	}
6140 	if(xfr->task_probe->timeout <= AUTH_PROBE_TIMEOUT_STOP) {
6141 		/* try again with bigger timeout */
6142 		if(xfr_probe_send_probe(xfr, env, xfr->task_probe->timeout*2)) {
6143 			lock_basic_unlock(&xfr->lock);
6144 			return;
6145 		}
6146 	}
6147 	/* delete commpoint so a new one is created, with a fresh port nr */
6148 	comm_point_delete(xfr->task_probe->cp);
6149 	xfr->task_probe->cp = NULL;
6150 
6151 	/* too many timeouts (or fail to send), move to next or end */
6152 	xfr_probe_nextmaster(xfr);
6153 	xfr_probe_send_or_end(xfr, env);
6154 }
6155 
6156 /** callback for task_probe udp packets */
6157 int
6158 auth_xfer_probe_udp_callback(struct comm_point* c, void* arg, int err,
6159 	struct comm_reply* repinfo)
6160 {
6161 	struct auth_xfer* xfr = (struct auth_xfer*)arg;
6162 	struct module_env* env;
6163 	log_assert(xfr->task_probe);
6164 	lock_basic_lock(&xfr->lock);
6165 	env = xfr->task_probe->env;
6166 	if(!env || env->outnet->want_to_quit) {
6167 		lock_basic_unlock(&xfr->lock);
6168 		return 0; /* stop on quit */
6169 	}
6170 
6171 	/* the comm_point_udp_callback is in a for loop for NUM_UDP_PER_SELECT
6172 	 * and we set rep.c=NULL to stop if from looking inside the commpoint*/
6173 	repinfo->c = NULL;
6174 	/* stop the timer */
6175 	comm_timer_disable(xfr->task_probe->timer);
6176 
6177 	/* see if we got a packet and what that means */
6178 	if(err == NETEVENT_NOERROR) {
6179 		uint32_t serial = 0;
6180 		if(check_packet_ok(c->buffer, LDNS_RR_TYPE_SOA, xfr,
6181 			&serial)) {
6182 			/* successful lookup */
6183 			if(verbosity >= VERB_ALGO) {
6184 				char buf[256];
6185 				dname_str(xfr->name, buf);
6186 				verbose(VERB_ALGO, "auth zone %s: soa probe "
6187 					"serial is %u", buf, (unsigned)serial);
6188 			}
6189 			/* see if this serial indicates that the zone has
6190 			 * to be updated */
6191 			if(xfr_serial_means_update(xfr, serial)) {
6192 				/* if updated, start the transfer task, if needed */
6193 				verbose(VERB_ALGO, "auth_zone updated, start transfer");
6194 				if(xfr->task_transfer->worker == NULL) {
6195 					struct auth_master* master =
6196 						xfr_probe_current_master(xfr);
6197 					/* if we have download URLs use them
6198 					 * in preference to this master we
6199 					 * just probed the SOA from */
6200 					if(xfr->task_transfer->masters &&
6201 						xfr->task_transfer->masters->http)
6202 						master = NULL;
6203 					xfr_probe_disown(xfr);
6204 					xfr_start_transfer(xfr, env, master);
6205 					return 0;
6206 
6207 				}
6208 				/* other tasks are running, we don't do this anymore */
6209 				xfr_probe_disown(xfr);
6210 				lock_basic_unlock(&xfr->lock);
6211 				/* return, we don't sent a reply to this udp packet,
6212 				 * and we setup the tasks to do next */
6213 				return 0;
6214 			} else {
6215 				verbose(VERB_ALGO, "auth_zone master reports unchanged soa serial");
6216 				/* we if cannot find updates amongst the
6217 				 * masters, this means we then have a new lease
6218 				 * on the zone */
6219 				xfr->task_probe->have_new_lease = 1;
6220 			}
6221 		} else {
6222 			if(verbosity >= VERB_ALGO) {
6223 				char buf[256];
6224 				dname_str(xfr->name, buf);
6225 				verbose(VERB_ALGO, "auth zone %s: bad reply to soa probe", buf);
6226 			}
6227 		}
6228 	} else {
6229 		if(verbosity >= VERB_ALGO) {
6230 			char buf[256];
6231 			dname_str(xfr->name, buf);
6232 			verbose(VERB_ALGO, "auth zone %s: soa probe failed", buf);
6233 		}
6234 	}
6235 
6236 	/* failed lookup or not an update */
6237 	/* delete commpoint so a new one is created, with a fresh port nr */
6238 	comm_point_delete(xfr->task_probe->cp);
6239 	xfr->task_probe->cp = NULL;
6240 
6241 	/* if the result was not a successfull probe, we need
6242 	 * to send the next one */
6243 	xfr_probe_nextmaster(xfr);
6244 	xfr_probe_send_or_end(xfr, env);
6245 	return 0;
6246 }
6247 
6248 /** lookup a host name for its addresses, if needed */
6249 static int
6250 xfr_probe_lookup_host(struct auth_xfer* xfr, struct module_env* env)
6251 {
6252 	struct sockaddr_storage addr;
6253 	socklen_t addrlen = 0;
6254 	struct auth_master* master = xfr->task_probe->lookup_target;
6255 	struct query_info qinfo;
6256 	uint16_t qflags = BIT_RD;
6257 	uint8_t dname[LDNS_MAX_DOMAINLEN+1];
6258 	struct edns_data edns;
6259 	sldns_buffer* buf = env->scratch_buffer;
6260 	if(!master) return 0;
6261 	if(extstrtoaddr(master->host, &addr, &addrlen)) {
6262 		/* not needed, host is in IP addr format */
6263 		return 0;
6264 	}
6265 	if(master->allow_notify && !master->http &&
6266 		strchr(master->host, '/') != NULL &&
6267 		strchr(master->host, '/') == strrchr(master->host, '/')) {
6268 		return 0; /* is IP/prefix format, not something to look up */
6269 	}
6270 
6271 	/* use mesh_new_callback to probe for non-addr hosts,
6272 	 * and then wait for them to be looked up (in cache, or query) */
6273 	qinfo.qname_len = sizeof(dname);
6274 	if(sldns_str2wire_dname_buf(master->host, dname, &qinfo.qname_len)
6275 		!= 0) {
6276 		log_err("cannot parse host name of master %s", master->host);
6277 		return 0;
6278 	}
6279 	qinfo.qname = dname;
6280 	qinfo.qclass = xfr->dclass;
6281 	qinfo.qtype = LDNS_RR_TYPE_A;
6282 	if(xfr->task_probe->lookup_aaaa)
6283 		qinfo.qtype = LDNS_RR_TYPE_AAAA;
6284 	qinfo.local_alias = NULL;
6285 	if(verbosity >= VERB_ALGO) {
6286 		char buf1[512];
6287 		char buf2[LDNS_MAX_DOMAINLEN+1];
6288 		dname_str(xfr->name, buf2);
6289 		snprintf(buf1, sizeof(buf1), "auth zone %s: master lookup"
6290 			" for task_probe", buf2);
6291 		log_query_info(VERB_ALGO, buf1, &qinfo);
6292 	}
6293 	edns.edns_present = 1;
6294 	edns.ext_rcode = 0;
6295 	edns.edns_version = 0;
6296 	edns.bits = EDNS_DO;
6297 	edns.opt_list = NULL;
6298 	if(sldns_buffer_capacity(buf) < 65535)
6299 		edns.udp_size = (uint16_t)sldns_buffer_capacity(buf);
6300 	else	edns.udp_size = 65535;
6301 
6302 	/* unlock xfr during mesh_new_callback() because the callback can be
6303 	 * called straight away */
6304 	lock_basic_unlock(&xfr->lock);
6305 	if(!mesh_new_callback(env->mesh, &qinfo, qflags, &edns, buf, 0,
6306 		&auth_xfer_probe_lookup_callback, xfr)) {
6307 		lock_basic_lock(&xfr->lock);
6308 		log_err("out of memory lookup up master %s", master->host);
6309 		return 0;
6310 	}
6311 	lock_basic_lock(&xfr->lock);
6312 	return 1;
6313 }
6314 
6315 /** move to sending the probe packets, next if fails. task_probe */
6316 static void
6317 xfr_probe_send_or_end(struct auth_xfer* xfr, struct module_env* env)
6318 {
6319 	/* are we doing hostname lookups? */
6320 	while(xfr->task_probe->lookup_target) {
6321 		if(xfr_probe_lookup_host(xfr, env)) {
6322 			/* wait for lookup to finish,
6323 			 * note that the hostname may be in unbound's cache
6324 			 * and we may then get an instant cache response,
6325 			 * and that calls the callback just like a full
6326 			 * lookup and lookup failures also call callback */
6327 			if(verbosity >= VERB_ALGO) {
6328 				char zname[255+1];
6329 				dname_str(xfr->name, zname);
6330 				verbose(VERB_ALGO, "auth zone %s probe next target lookup", zname);
6331 			}
6332 			lock_basic_unlock(&xfr->lock);
6333 			return;
6334 		}
6335 		xfr_probe_move_to_next_lookup(xfr, env);
6336 	}
6337 	/* probe of list has ended.  Create or refresh the list of of
6338 	 * allow_notify addrs */
6339 	probe_copy_masters_for_allow_notify(xfr);
6340 	if(verbosity >= VERB_ALGO) {
6341 		char zname[255+1];
6342 		dname_str(xfr->name, zname);
6343 		verbose(VERB_ALGO, "auth zone %s probe: notify addrs updated", zname);
6344 	}
6345 	if(xfr->task_probe->only_lookup) {
6346 		/* only wanted lookups for copy, stop probe and start wait */
6347 		xfr->task_probe->only_lookup = 0;
6348 		if(verbosity >= VERB_ALGO) {
6349 			char zname[255+1];
6350 			dname_str(xfr->name, zname);
6351 			verbose(VERB_ALGO, "auth zone %s probe: finished only_lookup", zname);
6352 		}
6353 		xfr_probe_disown(xfr);
6354 		if(xfr->task_nextprobe->worker == NULL)
6355 			xfr_set_timeout(xfr, env, 0, 0);
6356 		lock_basic_unlock(&xfr->lock);
6357 		return;
6358 	}
6359 
6360 	/* send probe packets */
6361 	while(!xfr_probe_end_of_list(xfr)) {
6362 		if(xfr_probe_send_probe(xfr, env, AUTH_PROBE_TIMEOUT)) {
6363 			/* successfully sent probe, wait for callback */
6364 			lock_basic_unlock(&xfr->lock);
6365 			return;
6366 		}
6367 		/* failed to send probe, next master */
6368 		xfr_probe_nextmaster(xfr);
6369 	}
6370 
6371 	/* done with probe sequence, wait */
6372 	if(xfr->task_probe->have_new_lease) {
6373 		/* if zone not updated, start the wait timer again */
6374 		if(verbosity >= VERB_ALGO) {
6375 			char zname[255+1];
6376 			dname_str(xfr->name, zname);
6377 			verbose(VERB_ALGO, "auth_zone %s unchanged, new lease, wait", zname);
6378 		}
6379 		xfr_probe_disown(xfr);
6380 		if(xfr->have_zone)
6381 			xfr->lease_time = *env->now;
6382 		if(xfr->task_nextprobe->worker == NULL)
6383 			xfr_set_timeout(xfr, env, 0, 0);
6384 	} else {
6385 		if(verbosity >= VERB_ALGO) {
6386 			char zname[255+1];
6387 			dname_str(xfr->name, zname);
6388 			verbose(VERB_ALGO, "auth zone %s soa probe failed, wait to retry", zname);
6389 		}
6390 		/* we failed to send this as well, move to the wait task,
6391 		 * use the shorter retry timeout */
6392 		xfr_probe_disown(xfr);
6393 		/* pick up the nextprobe task and wait */
6394 		if(xfr->task_nextprobe->worker == NULL)
6395 			xfr_set_timeout(xfr, env, 1, 0);
6396 	}
6397 
6398 	lock_basic_unlock(&xfr->lock);
6399 }
6400 
6401 /** callback for task_probe lookup of host name, of A or AAAA */
6402 void auth_xfer_probe_lookup_callback(void* arg, int rcode, sldns_buffer* buf,
6403 	enum sec_status ATTR_UNUSED(sec), char* ATTR_UNUSED(why_bogus),
6404 	int ATTR_UNUSED(was_ratelimited))
6405 {
6406 	struct auth_xfer* xfr = (struct auth_xfer*)arg;
6407 	struct module_env* env;
6408 	log_assert(xfr->task_probe);
6409 	lock_basic_lock(&xfr->lock);
6410 	env = xfr->task_probe->env;
6411 	if(!env || env->outnet->want_to_quit) {
6412 		lock_basic_unlock(&xfr->lock);
6413 		return; /* stop on quit */
6414 	}
6415 
6416 	/* process result */
6417 	if(rcode == LDNS_RCODE_NOERROR) {
6418 		uint16_t wanted_qtype = LDNS_RR_TYPE_A;
6419 		struct regional* temp = env->scratch;
6420 		struct query_info rq;
6421 		struct reply_info* rep;
6422 		if(xfr->task_probe->lookup_aaaa)
6423 			wanted_qtype = LDNS_RR_TYPE_AAAA;
6424 		memset(&rq, 0, sizeof(rq));
6425 		rep = parse_reply_in_temp_region(buf, temp, &rq);
6426 		if(rep && rq.qtype == wanted_qtype &&
6427 			FLAGS_GET_RCODE(rep->flags) == LDNS_RCODE_NOERROR) {
6428 			/* parsed successfully */
6429 			struct ub_packed_rrset_key* answer =
6430 				reply_find_answer_rrset(&rq, rep);
6431 			if(answer) {
6432 				xfr_master_add_addrs(xfr->task_probe->
6433 					lookup_target, answer, wanted_qtype);
6434 			} else {
6435 				if(verbosity >= VERB_ALGO) {
6436 					char zname[255+1];
6437 					dname_str(xfr->name, zname);
6438 					verbose(VERB_ALGO, "auth zone %s host %s type %s probe lookup has nodata", zname, xfr->task_probe->lookup_target->host, (xfr->task_probe->lookup_aaaa?"AAAA":"A"));
6439 				}
6440 			}
6441 		} else {
6442 			if(verbosity >= VERB_ALGO) {
6443 				char zname[255+1];
6444 				dname_str(xfr->name, zname);
6445 				verbose(VERB_ALGO, "auth zone %s host %s type %s probe lookup has no address", zname, xfr->task_probe->lookup_target->host, (xfr->task_probe->lookup_aaaa?"AAAA":"A"));
6446 			}
6447 		}
6448 		regional_free_all(temp);
6449 	} else {
6450 		if(verbosity >= VERB_ALGO) {
6451 			char zname[255+1];
6452 			dname_str(xfr->name, zname);
6453 			verbose(VERB_ALGO, "auth zone %s host %s type %s probe lookup failed", zname, xfr->task_probe->lookup_target->host, (xfr->task_probe->lookup_aaaa?"AAAA":"A"));
6454 		}
6455 	}
6456 	if(xfr->task_probe->lookup_target->list &&
6457 		xfr->task_probe->lookup_target == xfr_probe_current_master(xfr))
6458 		xfr->task_probe->scan_addr = xfr->task_probe->lookup_target->list;
6459 
6460 	/* move to lookup AAAA after A lookup, move to next hostname lookup,
6461 	 * or move to send the probes, or, if nothing to do, end task_probe */
6462 	xfr_probe_move_to_next_lookup(xfr, env);
6463 	xfr_probe_send_or_end(xfr, env);
6464 }
6465 
6466 /** disown task_nextprobe.  caller must hold xfr.lock */
6467 static void
6468 xfr_nextprobe_disown(struct auth_xfer* xfr)
6469 {
6470 	/* delete the timer, because the next worker to pick this up may
6471 	 * not have the same event base */
6472 	comm_timer_delete(xfr->task_nextprobe->timer);
6473 	xfr->task_nextprobe->timer = NULL;
6474 	xfr->task_nextprobe->next_probe = 0;
6475 	/* we don't own this item anymore */
6476 	xfr->task_nextprobe->worker = NULL;
6477 	xfr->task_nextprobe->env = NULL;
6478 }
6479 
6480 /** xfer nextprobe timeout callback, this is part of task_nextprobe */
6481 void
6482 auth_xfer_timer(void* arg)
6483 {
6484 	struct auth_xfer* xfr = (struct auth_xfer*)arg;
6485 	struct module_env* env;
6486 	log_assert(xfr->task_nextprobe);
6487 	lock_basic_lock(&xfr->lock);
6488 	env = xfr->task_nextprobe->env;
6489 	if(!env || env->outnet->want_to_quit) {
6490 		lock_basic_unlock(&xfr->lock);
6491 		return; /* stop on quit */
6492 	}
6493 
6494 	/* see if zone has expired, and if so, also set auth_zone expired */
6495 	if(xfr->have_zone && !xfr->zone_expired &&
6496 	   *env->now >= xfr->lease_time + xfr->expiry) {
6497 		lock_basic_unlock(&xfr->lock);
6498 		auth_xfer_set_expired(xfr, env, 1);
6499 		lock_basic_lock(&xfr->lock);
6500 	}
6501 
6502 	xfr_nextprobe_disown(xfr);
6503 
6504 	if(!xfr_start_probe(xfr, env, NULL)) {
6505 		/* not started because already in progress */
6506 		lock_basic_unlock(&xfr->lock);
6507 	}
6508 }
6509 
6510 /** return true if there are probe (SOA UDP query) targets in the master list*/
6511 static int
6512 have_probe_targets(struct auth_master* list)
6513 {
6514 	struct auth_master* p;
6515 	for(p=list; p; p = p->next) {
6516 		if(!p->allow_notify && p->host)
6517 			return 1;
6518 	}
6519 	return 0;
6520 }
6521 
6522 /** start task_probe if possible, if no masters for probe start task_transfer
6523  * returns true if task has been started, and false if the task is already
6524  * in progress. */
6525 static int
6526 xfr_start_probe(struct auth_xfer* xfr, struct module_env* env,
6527 	struct auth_master* spec)
6528 {
6529 	/* see if we need to start a probe (or maybe it is already in
6530 	 * progress (due to notify)) */
6531 	if(xfr->task_probe->worker == NULL) {
6532 		if(!have_probe_targets(xfr->task_probe->masters) &&
6533 			!(xfr->task_probe->only_lookup &&
6534 			xfr->task_probe->masters != NULL)) {
6535 			/* useless to pick up task_probe, no masters to
6536 			 * probe. Instead attempt to pick up task transfer */
6537 			if(xfr->task_transfer->worker == NULL) {
6538 				xfr_start_transfer(xfr, env, spec);
6539 				return 1;
6540 			}
6541 			/* task transfer already in progress */
6542 			return 0;
6543 		}
6544 
6545 		/* pick up the probe task ourselves */
6546 		xfr->task_probe->worker = env->worker;
6547 		xfr->task_probe->env = env;
6548 		xfr->task_probe->cp = NULL;
6549 
6550 		/* start the task */
6551 		/* have not seen a new lease yet, this scan */
6552 		xfr->task_probe->have_new_lease = 0;
6553 		/* if this was a timeout, no specific first master to scan */
6554 		/* otherwise, spec is nonNULL the notified master, scan
6555 		 * first and also transfer first from it */
6556 		xfr_probe_start_list(xfr, spec);
6557 		/* setup to start the lookup of hostnames of masters afresh */
6558 		xfr_probe_start_lookups(xfr);
6559 		/* send the probe packet or next send, or end task */
6560 		xfr_probe_send_or_end(xfr, env);
6561 		return 1;
6562 	}
6563 	return 0;
6564 }
6565 
6566 /** for task_nextprobe.
6567  * determine next timeout for auth_xfer. Also (re)sets timer.
6568  * @param xfr: task structure
6569  * @param env: module environment, with worker and time.
6570  * @param failure: set true if timer should be set for failure retry.
6571  * @param lookup_only: only perform lookups when timer done, 0 sec timeout
6572  */
6573 static void
6574 xfr_set_timeout(struct auth_xfer* xfr, struct module_env* env,
6575 	int failure, int lookup_only)
6576 {
6577 	struct timeval tv;
6578 	log_assert(xfr->task_nextprobe != NULL);
6579 	log_assert(xfr->task_nextprobe->worker == NULL ||
6580 		xfr->task_nextprobe->worker == env->worker);
6581 	/* normally, nextprobe = startoflease + refresh,
6582 	 * but if expiry is sooner, use that one.
6583 	 * after a failure, use the retry timer instead. */
6584 	xfr->task_nextprobe->next_probe = *env->now;
6585 	if(xfr->lease_time && !failure)
6586 		xfr->task_nextprobe->next_probe = xfr->lease_time;
6587 
6588 	if(!failure) {
6589 		xfr->task_nextprobe->backoff = 0;
6590 	} else {
6591 		if(xfr->task_nextprobe->backoff == 0)
6592 				xfr->task_nextprobe->backoff = 3;
6593 		else	xfr->task_nextprobe->backoff *= 2;
6594 		if(xfr->task_nextprobe->backoff > AUTH_TRANSFER_MAX_BACKOFF)
6595 			xfr->task_nextprobe->backoff =
6596 				AUTH_TRANSFER_MAX_BACKOFF;
6597 	}
6598 
6599 	if(xfr->have_zone) {
6600 		time_t wait = xfr->refresh;
6601 		if(failure) wait = xfr->retry;
6602 		if(xfr->expiry < wait)
6603 			xfr->task_nextprobe->next_probe += xfr->expiry;
6604 		else	xfr->task_nextprobe->next_probe += wait;
6605 		if(failure)
6606 			xfr->task_nextprobe->next_probe +=
6607 				xfr->task_nextprobe->backoff;
6608 		/* put the timer exactly on expiry, if possible */
6609 		if(xfr->lease_time && xfr->lease_time+xfr->expiry <
6610 			xfr->task_nextprobe->next_probe &&
6611 			xfr->lease_time+xfr->expiry > *env->now)
6612 			xfr->task_nextprobe->next_probe =
6613 				xfr->lease_time+xfr->expiry;
6614 	} else {
6615 		xfr->task_nextprobe->next_probe +=
6616 			xfr->task_nextprobe->backoff;
6617 	}
6618 
6619 	if(!xfr->task_nextprobe->timer) {
6620 		xfr->task_nextprobe->timer = comm_timer_create(
6621 			env->worker_base, auth_xfer_timer, xfr);
6622 		if(!xfr->task_nextprobe->timer) {
6623 			/* failed to malloc memory. likely zone transfer
6624 			 * also fails for that. skip the timeout */
6625 			char zname[255+1];
6626 			dname_str(xfr->name, zname);
6627 			log_err("cannot allocate timer, no refresh for %s",
6628 				zname);
6629 			return;
6630 		}
6631 	}
6632 	xfr->task_nextprobe->worker = env->worker;
6633 	xfr->task_nextprobe->env = env;
6634 	if(*(xfr->task_nextprobe->env->now) <= xfr->task_nextprobe->next_probe)
6635 		tv.tv_sec = xfr->task_nextprobe->next_probe -
6636 			*(xfr->task_nextprobe->env->now);
6637 	else	tv.tv_sec = 0;
6638 	if(tv.tv_sec != 0 && lookup_only && xfr->task_probe->masters) {
6639 		/* don't lookup_only, if lookup timeout is 0 anyway,
6640 		 * or if we don't have masters to lookup */
6641 		tv.tv_sec = 0;
6642 		if(xfr->task_probe->worker == NULL)
6643 			xfr->task_probe->only_lookup = 1;
6644 	}
6645 	if(verbosity >= VERB_ALGO) {
6646 		char zname[255+1];
6647 		dname_str(xfr->name, zname);
6648 		verbose(VERB_ALGO, "auth zone %s timeout in %d seconds",
6649 			zname, (int)tv.tv_sec);
6650 	}
6651 	tv.tv_usec = 0;
6652 	comm_timer_set(xfr->task_nextprobe->timer, &tv);
6653 }
6654 
6655 /** initial pick up of worker timeouts, ties events to worker event loop */
6656 void
6657 auth_xfer_pickup_initial(struct auth_zones* az, struct module_env* env)
6658 {
6659 	struct auth_xfer* x;
6660 	lock_rw_wrlock(&az->lock);
6661 	RBTREE_FOR(x, struct auth_xfer*, &az->xtree) {
6662 		lock_basic_lock(&x->lock);
6663 		/* set lease_time, because we now have timestamp in env,
6664 		 * (not earlier during startup and apply_cfg), and this
6665 		 * notes the start time when the data was acquired */
6666 		if(x->have_zone)
6667 			x->lease_time = *env->now;
6668 		if(x->task_nextprobe && x->task_nextprobe->worker == NULL) {
6669 			xfr_set_timeout(x, env, 0, 1);
6670 		}
6671 		lock_basic_unlock(&x->lock);
6672 	}
6673 	lock_rw_unlock(&az->lock);
6674 }
6675 
6676 void auth_zones_cleanup(struct auth_zones* az)
6677 {
6678 	struct auth_xfer* x;
6679 	lock_rw_wrlock(&az->lock);
6680 	RBTREE_FOR(x, struct auth_xfer*, &az->xtree) {
6681 		lock_basic_lock(&x->lock);
6682 		if(x->task_nextprobe && x->task_nextprobe->worker != NULL) {
6683 			xfr_nextprobe_disown(x);
6684 		}
6685 		if(x->task_probe && x->task_probe->worker != NULL) {
6686 			xfr_probe_disown(x);
6687 		}
6688 		if(x->task_transfer && x->task_transfer->worker != NULL) {
6689 			auth_chunks_delete(x->task_transfer);
6690 			xfr_transfer_disown(x);
6691 		}
6692 		lock_basic_unlock(&x->lock);
6693 	}
6694 	lock_rw_unlock(&az->lock);
6695 }
6696 
6697 /**
6698  * malloc the xfer and tasks
6699  * @param z: auth_zone with name of zone.
6700  */
6701 static struct auth_xfer*
6702 auth_xfer_new(struct auth_zone* z)
6703 {
6704 	struct auth_xfer* xfr;
6705 	xfr = (struct auth_xfer*)calloc(1, sizeof(*xfr));
6706 	if(!xfr) return NULL;
6707 	xfr->name = memdup(z->name, z->namelen);
6708 	if(!xfr->name) {
6709 		free(xfr);
6710 		return NULL;
6711 	}
6712 	xfr->node.key = xfr;
6713 	xfr->namelen = z->namelen;
6714 	xfr->namelabs = z->namelabs;
6715 	xfr->dclass = z->dclass;
6716 
6717 	xfr->task_nextprobe = (struct auth_nextprobe*)calloc(1,
6718 		sizeof(struct auth_nextprobe));
6719 	if(!xfr->task_nextprobe) {
6720 		free(xfr->name);
6721 		free(xfr);
6722 		return NULL;
6723 	}
6724 	xfr->task_probe = (struct auth_probe*)calloc(1,
6725 		sizeof(struct auth_probe));
6726 	if(!xfr->task_probe) {
6727 		free(xfr->task_nextprobe);
6728 		free(xfr->name);
6729 		free(xfr);
6730 		return NULL;
6731 	}
6732 	xfr->task_transfer = (struct auth_transfer*)calloc(1,
6733 		sizeof(struct auth_transfer));
6734 	if(!xfr->task_transfer) {
6735 		free(xfr->task_probe);
6736 		free(xfr->task_nextprobe);
6737 		free(xfr->name);
6738 		free(xfr);
6739 		return NULL;
6740 	}
6741 
6742 	lock_basic_init(&xfr->lock);
6743 	lock_protect(&xfr->lock, &xfr->name, sizeof(xfr->name));
6744 	lock_protect(&xfr->lock, &xfr->namelen, sizeof(xfr->namelen));
6745 	lock_protect(&xfr->lock, xfr->name, xfr->namelen);
6746 	lock_protect(&xfr->lock, &xfr->namelabs, sizeof(xfr->namelabs));
6747 	lock_protect(&xfr->lock, &xfr->dclass, sizeof(xfr->dclass));
6748 	lock_protect(&xfr->lock, &xfr->notify_received, sizeof(xfr->notify_received));
6749 	lock_protect(&xfr->lock, &xfr->notify_serial, sizeof(xfr->notify_serial));
6750 	lock_protect(&xfr->lock, &xfr->zone_expired, sizeof(xfr->zone_expired));
6751 	lock_protect(&xfr->lock, &xfr->have_zone, sizeof(xfr->have_zone));
6752 	lock_protect(&xfr->lock, &xfr->serial, sizeof(xfr->serial));
6753 	lock_protect(&xfr->lock, &xfr->retry, sizeof(xfr->retry));
6754 	lock_protect(&xfr->lock, &xfr->refresh, sizeof(xfr->refresh));
6755 	lock_protect(&xfr->lock, &xfr->expiry, sizeof(xfr->expiry));
6756 	lock_protect(&xfr->lock, &xfr->lease_time, sizeof(xfr->lease_time));
6757 	lock_protect(&xfr->lock, &xfr->task_nextprobe->worker,
6758 		sizeof(xfr->task_nextprobe->worker));
6759 	lock_protect(&xfr->lock, &xfr->task_probe->worker,
6760 		sizeof(xfr->task_probe->worker));
6761 	lock_protect(&xfr->lock, &xfr->task_transfer->worker,
6762 		sizeof(xfr->task_transfer->worker));
6763 	lock_basic_lock(&xfr->lock);
6764 	return xfr;
6765 }
6766 
6767 /** Create auth_xfer structure.
6768  * This populates the have_zone, soa values, and so on times.
6769  * and sets the timeout, if a zone transfer is needed a short timeout is set.
6770  * For that the auth_zone itself must exist (and read in zonefile)
6771  * returns false on alloc failure. */
6772 struct auth_xfer*
6773 auth_xfer_create(struct auth_zones* az, struct auth_zone* z)
6774 {
6775 	struct auth_xfer* xfr;
6776 
6777 	/* malloc it */
6778 	xfr = auth_xfer_new(z);
6779 	if(!xfr) {
6780 		log_err("malloc failure");
6781 		return NULL;
6782 	}
6783 	/* insert in tree */
6784 	(void)rbtree_insert(&az->xtree, &xfr->node);
6785 	return xfr;
6786 }
6787 
6788 /** create new auth_master structure */
6789 static struct auth_master*
6790 auth_master_new(struct auth_master*** list)
6791 {
6792 	struct auth_master *m;
6793 	m = (struct auth_master*)calloc(1, sizeof(*m));
6794 	if(!m) {
6795 		log_err("malloc failure");
6796 		return NULL;
6797 	}
6798 	/* set first pointer to m, or next pointer of previous element to m */
6799 	(**list) = m;
6800 	/* store m's next pointer as future point to store at */
6801 	(*list) = &(m->next);
6802 	return m;
6803 }
6804 
6805 /** dup_prefix : create string from initial part of other string, malloced */
6806 static char*
6807 dup_prefix(char* str, size_t num)
6808 {
6809 	char* result;
6810 	size_t len = strlen(str);
6811 	if(len < num) num = len; /* not more than strlen */
6812 	result = (char*)malloc(num+1);
6813 	if(!result) {
6814 		log_err("malloc failure");
6815 		return result;
6816 	}
6817 	memmove(result, str, num);
6818 	result[num] = 0;
6819 	return result;
6820 }
6821 
6822 /** dup string and print error on error */
6823 static char*
6824 dup_all(char* str)
6825 {
6826 	char* result = strdup(str);
6827 	if(!result) {
6828 		log_err("malloc failure");
6829 		return NULL;
6830 	}
6831 	return result;
6832 }
6833 
6834 /** find first of two characters */
6835 static char*
6836 str_find_first_of_chars(char* s, char a, char b)
6837 {
6838 	char* ra = strchr(s, a);
6839 	char* rb = strchr(s, b);
6840 	if(!ra) return rb;
6841 	if(!rb) return ra;
6842 	if(ra < rb) return ra;
6843 	return rb;
6844 }
6845 
6846 /** parse URL into host and file parts, false on malloc or parse error */
6847 static int
6848 parse_url(char* url, char** host, char** file, int* port, int* ssl)
6849 {
6850 	char* p = url;
6851 	/* parse http://www.example.com/file.htm
6852 	 * or http://127.0.0.1   (index.html)
6853 	 * or https://[::1@1234]/a/b/c/d */
6854 	*ssl = 1;
6855 	*port = AUTH_HTTPS_PORT;
6856 
6857 	/* parse http:// or https:// */
6858 	if(strncmp(p, "http://", 7) == 0) {
6859 		p += 7;
6860 		*ssl = 0;
6861 		*port = AUTH_HTTP_PORT;
6862 	} else if(strncmp(p, "https://", 8) == 0) {
6863 		p += 8;
6864 	} else if(strstr(p, "://") && strchr(p, '/') > strstr(p, "://") &&
6865 		strchr(p, ':') >= strstr(p, "://")) {
6866 		char* uri = dup_prefix(p, (size_t)(strstr(p, "://")-p));
6867 		log_err("protocol %s:// not supported (for url %s)",
6868 			uri?uri:"", p);
6869 		free(uri);
6870 		return 0;
6871 	}
6872 
6873 	/* parse hostname part */
6874 	if(p[0] == '[') {
6875 		char* end = strchr(p, ']');
6876 		p++; /* skip over [ */
6877 		if(end) {
6878 			*host = dup_prefix(p, (size_t)(end-p));
6879 			if(!*host) return 0;
6880 			p = end+1; /* skip over ] */
6881 		} else {
6882 			*host = dup_all(p);
6883 			if(!*host) return 0;
6884 			p = end;
6885 		}
6886 	} else {
6887 		char* end = str_find_first_of_chars(p, ':', '/');
6888 		if(end) {
6889 			*host = dup_prefix(p, (size_t)(end-p));
6890 			if(!*host) return 0;
6891 		} else {
6892 			*host = dup_all(p);
6893 			if(!*host) return 0;
6894 		}
6895 		p = end; /* at next : or / or NULL */
6896 	}
6897 
6898 	/* parse port number */
6899 	if(p && p[0] == ':') {
6900 		char* end = NULL;
6901 		*port = strtol(p+1, &end, 10);
6902 		p = end;
6903 	}
6904 
6905 	/* parse filename part */
6906 	while(p && *p == '/')
6907 		p++;
6908 	if(!p || p[0] == 0)
6909 		*file = strdup("index.html");
6910 	else	*file = strdup(p);
6911 	if(!*file) {
6912 		log_err("malloc failure");
6913 		return 0;
6914 	}
6915 	return 1;
6916 }
6917 
6918 int
6919 xfer_set_masters(struct auth_master** list, struct config_auth* c,
6920 	int with_http)
6921 {
6922 	struct auth_master* m;
6923 	struct config_strlist* p;
6924 	/* list points to the first, or next pointer for the new element */
6925 	while(*list) {
6926 		list = &( (*list)->next );
6927 	}
6928 	if(with_http)
6929 	  for(p = c->urls; p; p = p->next) {
6930 		m = auth_master_new(&list);
6931 		m->http = 1;
6932 		if(!parse_url(p->str, &m->host, &m->file, &m->port, &m->ssl))
6933 			return 0;
6934 	}
6935 	for(p = c->masters; p; p = p->next) {
6936 		m = auth_master_new(&list);
6937 		m->ixfr = 1; /* this flag is not configurable */
6938 		m->host = strdup(p->str);
6939 		if(!m->host) {
6940 			log_err("malloc failure");
6941 			return 0;
6942 		}
6943 	}
6944 	for(p = c->allow_notify; p; p = p->next) {
6945 		m = auth_master_new(&list);
6946 		m->allow_notify = 1;
6947 		m->host = strdup(p->str);
6948 		if(!m->host) {
6949 			log_err("malloc failure");
6950 			return 0;
6951 		}
6952 	}
6953 	return 1;
6954 }
6955 
6956 #define SERIAL_BITS	32
6957 int
6958 compare_serial(uint32_t a, uint32_t b)
6959 {
6960 	const uint32_t cutoff = ((uint32_t) 1 << (SERIAL_BITS - 1));
6961 
6962 	if (a == b) {
6963 		return 0;
6964 	} else if ((a < b && b - a < cutoff) || (a > b && a - b > cutoff)) {
6965 		return -1;
6966 	} else {
6967 		return 1;
6968 	}
6969 }
6970