1 /* 2 * validator/val_anchor.c - validator trust anchor storage. 3 * 4 * Copyright (c) 2007, NLnet Labs. All rights reserved. 5 * 6 * This software is open source. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 12 * Redistributions of source code must retain the above copyright notice, 13 * this list of conditions and the following disclaimer. 14 * 15 * Redistributions in binary form must reproduce the above copyright notice, 16 * this list of conditions and the following disclaimer in the documentation 17 * and/or other materials provided with the distribution. 18 * 19 * Neither the name of the NLNET LABS nor the names of its contributors may 20 * be used to endorse or promote products derived from this software without 21 * specific prior written permission. 22 * 23 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 24 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 25 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 26 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE 27 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 28 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 29 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 30 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 31 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 32 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 33 * POSSIBILITY OF SUCH DAMAGE. 34 */ 35 36 /** 37 * \file 38 * 39 * This file contains storage for the trust anchors for the validator. 40 */ 41 #include "config.h" 42 #include <ctype.h> 43 #include <ldns/dname.h> 44 #include <ldns/host2wire.h> 45 #include "validator/val_anchor.h" 46 #include "validator/val_sigcrypt.h" 47 #include "validator/autotrust.h" 48 #include "util/data/packed_rrset.h" 49 #include "util/data/dname.h" 50 #include "util/log.h" 51 #include "util/net_help.h" 52 #include "util/config_file.h" 53 #ifdef HAVE_GLOB_H 54 #include <glob.h> 55 #endif 56 57 int 58 anchor_cmp(const void* k1, const void* k2) 59 { 60 int m; 61 struct trust_anchor* n1 = (struct trust_anchor*)k1; 62 struct trust_anchor* n2 = (struct trust_anchor*)k2; 63 /* no need to ntohs(class) because sort order is irrelevant */ 64 if(n1->dclass != n2->dclass) { 65 if(n1->dclass < n2->dclass) 66 return -1; 67 return 1; 68 } 69 return dname_lab_cmp(n1->name, n1->namelabs, n2->name, n2->namelabs, 70 &m); 71 } 72 73 struct val_anchors* 74 anchors_create(void) 75 { 76 struct val_anchors* a = (struct val_anchors*)calloc(1, sizeof(*a)); 77 if(!a) 78 return NULL; 79 a->tree = rbtree_create(anchor_cmp); 80 if(!a->tree) { 81 anchors_delete(a); 82 return NULL; 83 } 84 a->autr = autr_global_create(); 85 if(!a->autr) { 86 anchors_delete(a); 87 return NULL; 88 } 89 lock_basic_init(&a->lock); 90 lock_protect(&a->lock, a, sizeof(*a)); 91 lock_protect(&a->lock, a->autr, sizeof(*a->autr)); 92 return a; 93 } 94 95 /** delete assembled rrset */ 96 static void 97 assembled_rrset_delete(struct ub_packed_rrset_key* pkey) 98 { 99 if(!pkey) return; 100 if(pkey->entry.data) { 101 struct packed_rrset_data* pd = (struct packed_rrset_data*) 102 pkey->entry.data; 103 free(pd->rr_data); 104 free(pd->rr_ttl); 105 free(pd->rr_len); 106 free(pd); 107 } 108 free(pkey->rk.dname); 109 free(pkey); 110 } 111 112 /** destroy locks in tree and delete autotrust anchors */ 113 static void 114 anchors_delfunc(rbnode_t* elem, void* ATTR_UNUSED(arg)) 115 { 116 struct trust_anchor* ta = (struct trust_anchor*)elem; 117 if(!ta) return; 118 if(ta->autr) { 119 autr_point_delete(ta); 120 } else { 121 struct ta_key* p, *np; 122 lock_basic_destroy(&ta->lock); 123 free(ta->name); 124 p = ta->keylist; 125 while(p) { 126 np = p->next; 127 free(p->data); 128 free(p); 129 p = np; 130 } 131 assembled_rrset_delete(ta->ds_rrset); 132 assembled_rrset_delete(ta->dnskey_rrset); 133 free(ta); 134 } 135 } 136 137 void 138 anchors_delete(struct val_anchors* anchors) 139 { 140 if(!anchors) 141 return; 142 lock_unprotect(&anchors->lock, anchors->autr); 143 lock_unprotect(&anchors->lock, anchors); 144 lock_basic_destroy(&anchors->lock); 145 if(anchors->tree) 146 traverse_postorder(anchors->tree, anchors_delfunc, NULL); 147 free(anchors->tree); 148 autr_global_delete(anchors->autr); 149 free(anchors); 150 } 151 152 void 153 anchors_init_parents_locked(struct val_anchors* anchors) 154 { 155 struct trust_anchor* node, *prev = NULL, *p; 156 int m; 157 /* nobody else can grab locks because we hold the main lock. 158 * Thus the previous items, after unlocked, are not deleted */ 159 RBTREE_FOR(node, struct trust_anchor*, anchors->tree) { 160 lock_basic_lock(&node->lock); 161 node->parent = NULL; 162 if(!prev || prev->dclass != node->dclass) { 163 prev = node; 164 lock_basic_unlock(&node->lock); 165 continue; 166 } 167 (void)dname_lab_cmp(prev->name, prev->namelabs, node->name, 168 node->namelabs, &m); /* we know prev is smaller */ 169 /* sort order like: . com. bla.com. zwb.com. net. */ 170 /* find the previous, or parent-parent-parent */ 171 for(p = prev; p; p = p->parent) 172 /* looking for name with few labels, a parent */ 173 if(p->namelabs <= m) { 174 /* ==: since prev matched m, this is closest*/ 175 /* <: prev matches more, but is not a parent, 176 * this one is a (grand)parent */ 177 node->parent = p; 178 break; 179 } 180 lock_basic_unlock(&node->lock); 181 prev = node; 182 } 183 } 184 185 /** initialise parent pointers in the tree */ 186 static void 187 init_parents(struct val_anchors* anchors) 188 { 189 lock_basic_lock(&anchors->lock); 190 anchors_init_parents_locked(anchors); 191 lock_basic_unlock(&anchors->lock); 192 } 193 194 struct trust_anchor* 195 anchor_find(struct val_anchors* anchors, uint8_t* name, int namelabs, 196 size_t namelen, uint16_t dclass) 197 { 198 struct trust_anchor key; 199 rbnode_t* n; 200 if(!name) return NULL; 201 key.node.key = &key; 202 key.name = name; 203 key.namelabs = namelabs; 204 key.namelen = namelen; 205 key.dclass = dclass; 206 lock_basic_lock(&anchors->lock); 207 n = rbtree_search(anchors->tree, &key); 208 if(n) { 209 lock_basic_lock(&((struct trust_anchor*)n->key)->lock); 210 } 211 lock_basic_unlock(&anchors->lock); 212 if(!n) 213 return NULL; 214 return (struct trust_anchor*)n->key; 215 } 216 217 /** create new trust anchor object */ 218 static struct trust_anchor* 219 anchor_new_ta(struct val_anchors* anchors, uint8_t* name, int namelabs, 220 size_t namelen, uint16_t dclass, int lockit) 221 { 222 #ifdef UNBOUND_DEBUG 223 rbnode_t* r; 224 #endif 225 struct trust_anchor* ta = (struct trust_anchor*)malloc( 226 sizeof(struct trust_anchor)); 227 if(!ta) 228 return NULL; 229 memset(ta, 0, sizeof(*ta)); 230 ta->node.key = ta; 231 ta->name = memdup(name, namelen); 232 if(!ta->name) { 233 free(ta); 234 return NULL; 235 } 236 ta->namelabs = namelabs; 237 ta->namelen = namelen; 238 ta->dclass = dclass; 239 lock_basic_init(&ta->lock); 240 if(lockit) { 241 lock_basic_lock(&anchors->lock); 242 } 243 #ifdef UNBOUND_DEBUG 244 r = 245 #endif 246 rbtree_insert(anchors->tree, &ta->node); 247 if(lockit) { 248 lock_basic_unlock(&anchors->lock); 249 } 250 log_assert(r != NULL); 251 return ta; 252 } 253 254 /** find trustanchor key by exact data match */ 255 static struct ta_key* 256 anchor_find_key(struct trust_anchor* ta, uint8_t* rdata, size_t rdata_len, 257 uint16_t type) 258 { 259 struct ta_key* k; 260 for(k = ta->keylist; k; k = k->next) { 261 if(k->type == type && k->len == rdata_len && 262 memcmp(k->data, rdata, rdata_len) == 0) 263 return k; 264 } 265 return NULL; 266 } 267 268 /** create new trustanchor key */ 269 static struct ta_key* 270 anchor_new_ta_key(uint8_t* rdata, size_t rdata_len, uint16_t type) 271 { 272 struct ta_key* k = (struct ta_key*)malloc(sizeof(*k)); 273 if(!k) 274 return NULL; 275 memset(k, 0, sizeof(*k)); 276 k->data = memdup(rdata, rdata_len); 277 if(!k->data) { 278 free(k); 279 return NULL; 280 } 281 k->len = rdata_len; 282 k->type = type; 283 return k; 284 } 285 286 /** 287 * This routine adds a new RR to a trust anchor. The trust anchor may not 288 * exist yet, and is created if not. The RR can be DS or DNSKEY. 289 * This routine will also remove duplicates; storing them only once. 290 * @param anchors: anchor storage. 291 * @param name: name of trust anchor (wireformat) 292 * @param type: type or RR 293 * @param dclass: class of RR 294 * @param rdata: rdata wireformat, starting with rdlength. 295 * If NULL, nothing is stored, but an entry is created. 296 * @param rdata_len: length of rdata including rdlength. 297 * @return: NULL on error, else the trust anchor. 298 */ 299 static struct trust_anchor* 300 anchor_store_new_key(struct val_anchors* anchors, uint8_t* name, uint16_t type, 301 uint16_t dclass, uint8_t* rdata, size_t rdata_len) 302 { 303 struct ta_key* k; 304 struct trust_anchor* ta; 305 int namelabs; 306 size_t namelen; 307 namelabs = dname_count_size_labels(name, &namelen); 308 if(type != LDNS_RR_TYPE_DS && type != LDNS_RR_TYPE_DNSKEY) { 309 log_err("Bad type for trust anchor"); 310 return 0; 311 } 312 /* lookup or create trustanchor */ 313 ta = anchor_find(anchors, name, namelabs, namelen, dclass); 314 if(!ta) { 315 ta = anchor_new_ta(anchors, name, namelabs, namelen, dclass, 1); 316 if(!ta) 317 return NULL; 318 lock_basic_lock(&ta->lock); 319 } 320 if(!rdata) { 321 lock_basic_unlock(&ta->lock); 322 return ta; 323 } 324 /* look for duplicates */ 325 if(anchor_find_key(ta, rdata, rdata_len, type)) { 326 lock_basic_unlock(&ta->lock); 327 return ta; 328 } 329 k = anchor_new_ta_key(rdata, rdata_len, type); 330 if(!k) { 331 lock_basic_unlock(&ta->lock); 332 return NULL; 333 } 334 /* add new key */ 335 if(type == LDNS_RR_TYPE_DS) 336 ta->numDS++; 337 else ta->numDNSKEY++; 338 k->next = ta->keylist; 339 ta->keylist = k; 340 lock_basic_unlock(&ta->lock); 341 return ta; 342 } 343 344 /** 345 * Add new RR. It converts ldns RR to wire format. 346 * @param anchors: anchor storage. 347 * @param buffer: parsing buffer. 348 * @param rr: the rr (allocated by caller). 349 * @return NULL on error, else the trust anchor. 350 */ 351 static struct trust_anchor* 352 anchor_store_new_rr(struct val_anchors* anchors, ldns_buffer* buffer, 353 ldns_rr* rr) 354 { 355 struct trust_anchor* ta; 356 ldns_rdf* owner = ldns_rr_owner(rr); 357 ldns_status status; 358 ldns_buffer_clear(buffer); 359 ldns_buffer_skip(buffer, 2); /* skip rdatalen */ 360 status = ldns_rr_rdata2buffer_wire(buffer, rr); 361 if(status != LDNS_STATUS_OK) { 362 log_err("error converting trustanchor to wireformat: %s", 363 ldns_get_errorstr_by_id(status)); 364 return NULL; 365 } 366 ldns_buffer_flip(buffer); 367 ldns_buffer_write_u16_at(buffer, 0, ldns_buffer_limit(buffer) - 2); 368 369 if(!(ta=anchor_store_new_key(anchors, ldns_rdf_data(owner), 370 ldns_rr_get_type(rr), ldns_rr_get_class(rr), 371 ldns_buffer_begin(buffer), ldns_buffer_limit(buffer)))) { 372 return NULL; 373 } 374 log_nametypeclass(VERB_QUERY, "adding trusted key", 375 ldns_rdf_data(owner), 376 ldns_rr_get_type(rr), ldns_rr_get_class(rr)); 377 return ta; 378 } 379 380 /** 381 * Insert insecure anchor 382 * @param anchors: anchor storage. 383 * @param str: the domain name. 384 * @return NULL on error, Else last trust anchor point 385 */ 386 static struct trust_anchor* 387 anchor_insert_insecure(struct val_anchors* anchors, const char* str) 388 { 389 struct trust_anchor* ta; 390 ldns_rdf* nm = ldns_dname_new_frm_str(str); 391 if(!nm) { 392 log_err("parse error in domain name '%s'", str); 393 return NULL; 394 } 395 ta = anchor_store_new_key(anchors, ldns_rdf_data(nm), LDNS_RR_TYPE_DS, 396 LDNS_RR_CLASS_IN, NULL, 0); 397 ldns_rdf_deep_free(nm); 398 return ta; 399 } 400 401 struct trust_anchor* 402 anchor_store_str(struct val_anchors* anchors, ldns_buffer* buffer, 403 const char* str) 404 { 405 struct trust_anchor* ta; 406 ldns_rr* rr = NULL; 407 ldns_status status = ldns_rr_new_frm_str(&rr, str, 0, NULL, NULL); 408 if(status != LDNS_STATUS_OK) { 409 log_err("error parsing trust anchor: %s", 410 ldns_get_errorstr_by_id(status)); 411 ldns_rr_free(rr); 412 return NULL; 413 } 414 if(!(ta=anchor_store_new_rr(anchors, buffer, rr))) { 415 log_err("out of memory"); 416 ldns_rr_free(rr); 417 return NULL; 418 } 419 ldns_rr_free(rr); 420 return ta; 421 } 422 423 /** 424 * Read a file with trust anchors 425 * @param anchors: anchor storage. 426 * @param buffer: parsing buffer. 427 * @param fname: string. 428 * @param onlyone: only one trust anchor allowed in file. 429 * @return NULL on error. Else last trust-anchor point. 430 */ 431 static struct trust_anchor* 432 anchor_read_file(struct val_anchors* anchors, ldns_buffer* buffer, 433 const char* fname, int onlyone) 434 { 435 struct trust_anchor* ta = NULL, *tanew; 436 uint32_t default_ttl = 3600; 437 ldns_rdf* origin = NULL, *prev = NULL; 438 int line_nr = 1; 439 ldns_status status; 440 ldns_rr* rr; 441 int ok = 1; 442 FILE* in = fopen(fname, "r"); 443 if(!in) { 444 log_err("error opening file %s: %s", fname, strerror(errno)); 445 return 0; 446 } 447 while(!feof(in)) { 448 rr = NULL; 449 status = ldns_rr_new_frm_fp_l(&rr, in, &default_ttl, &origin, 450 &prev, &line_nr); 451 if(status == LDNS_STATUS_SYNTAX_EMPTY /* empty line */ 452 || status == LDNS_STATUS_SYNTAX_TTL /* $TTL */ 453 || status == LDNS_STATUS_SYNTAX_ORIGIN /* $ORIGIN */) 454 continue; 455 if(status != LDNS_STATUS_OK) { 456 log_err("parse error in %s:%d : %s", fname, line_nr, 457 ldns_get_errorstr_by_id(status)); 458 ldns_rr_free(rr); 459 ok = 0; 460 break; 461 } 462 if(ldns_rr_get_type(rr) != LDNS_RR_TYPE_DS && 463 ldns_rr_get_type(rr) != LDNS_RR_TYPE_DNSKEY) { 464 ldns_rr_free(rr); 465 continue; 466 } 467 if(!(tanew=anchor_store_new_rr(anchors, buffer, rr))) { 468 log_err("error at %s line %d", fname, line_nr); 469 ldns_rr_free(rr); 470 ok = 0; 471 break; 472 } 473 if(onlyone && ta && ta != tanew) { 474 log_err("error at %s line %d: no multiple anchor " 475 "domains allowed (you can have multiple " 476 "keys, but they must have the same name).", 477 fname, line_nr); 478 ldns_rr_free(rr); 479 ok = 0; 480 break; 481 } 482 ta = tanew; 483 ldns_rr_free(rr); 484 } 485 ldns_rdf_deep_free(origin); 486 ldns_rdf_deep_free(prev); 487 fclose(in); 488 if(!ok) return NULL; 489 /* empty file is OK when multiple anchors are allowed */ 490 if(!onlyone && !ta) return (struct trust_anchor*)1; 491 return ta; 492 } 493 494 /** skip file to end of line */ 495 static void 496 skip_to_eol(FILE* in) 497 { 498 int c; 499 while((c = getc(in)) != EOF ) { 500 if(c == '\n') 501 return; 502 } 503 } 504 505 /** true for special characters in bind configs */ 506 static int 507 is_bind_special(int c) 508 { 509 switch(c) { 510 case '{': 511 case '}': 512 case '"': 513 case ';': 514 return 1; 515 } 516 return 0; 517 } 518 519 /** 520 * Read a keyword skipping bind comments; spaces, specials, restkeywords. 521 * The file is split into the following tokens: 522 * * special characters, on their own, rdlen=1, { } doublequote ; 523 * * whitespace becomes a single ' ' or tab. Newlines become spaces. 524 * * other words ('keywords') 525 * * comments are skipped if desired 526 * / / C++ style comment to end of line 527 * # to end of line 528 * / * C style comment * / 529 * @param in: file to read from. 530 * @param buf: buffer, what is read is stored after current buffer position. 531 * Space is left in the buffer to write a terminating 0. 532 * @param line: line number is increased per line, for error reports. 533 * @param comments: if 0, comments are not possible and become text. 534 * if 1, comments are skipped entirely. 535 * In BIND files, this is when reading quoted strings, for example 536 * " base 64 text with / / in there " 537 * @return the number of character written to the buffer. 538 * 0 on end of file. 539 */ 540 static int 541 readkeyword_bindfile(FILE* in, ldns_buffer* buf, int* line, int comments) 542 { 543 int c; 544 int numdone = 0; 545 while((c = getc(in)) != EOF ) { 546 if(comments && c == '#') { /* # blabla */ 547 skip_to_eol(in); 548 (*line)++; 549 continue; 550 } else if(comments && c=='/' && numdone>0 && /* /_/ bla*/ 551 ldns_buffer_read_u8_at(buf, 552 ldns_buffer_position(buf)-1) == '/') { 553 ldns_buffer_skip(buf, -1); 554 numdone--; 555 skip_to_eol(in); 556 (*line)++; 557 continue; 558 } else if(comments && c=='*' && numdone>0 && /* /_* bla *_/ */ 559 ldns_buffer_read_u8_at(buf, 560 ldns_buffer_position(buf)-1) == '/') { 561 ldns_buffer_skip(buf, -1); 562 numdone--; 563 /* skip to end of comment */ 564 while(c != EOF && (c=getc(in)) != EOF ) { 565 if(c == '*') { 566 if((c=getc(in)) == '/') 567 break; 568 } 569 if(c == '\n') 570 (*line)++; 571 } 572 continue; 573 } 574 /* not a comment, complete the keyword */ 575 if(numdone > 0) { 576 /* check same type */ 577 if(isspace(c)) { 578 ungetc(c, in); 579 return numdone; 580 } 581 if(is_bind_special(c)) { 582 ungetc(c, in); 583 return numdone; 584 } 585 } 586 if(c == '\n') { 587 c = ' '; 588 (*line)++; 589 } 590 /* space for 1 char + 0 string terminator */ 591 if(ldns_buffer_remaining(buf) < 2) { 592 fatal_exit("trusted-keys, %d, string too long", *line); 593 } 594 ldns_buffer_write_u8(buf, (uint8_t)c); 595 numdone++; 596 if(isspace(c)) { 597 /* collate whitespace into ' ' */ 598 while((c = getc(in)) != EOF ) { 599 if(c == '\n') 600 (*line)++; 601 if(!isspace(c)) { 602 ungetc(c, in); 603 break; 604 } 605 } 606 return numdone; 607 } 608 if(is_bind_special(c)) 609 return numdone; 610 } 611 return numdone; 612 } 613 614 /** skip through file to { or ; */ 615 static int 616 skip_to_special(FILE* in, ldns_buffer* buf, int* line, int spec) 617 { 618 int rdlen; 619 ldns_buffer_clear(buf); 620 while((rdlen=readkeyword_bindfile(in, buf, line, 1))) { 621 if(rdlen == 1 && isspace((int)*ldns_buffer_begin(buf))) { 622 ldns_buffer_clear(buf); 623 continue; 624 } 625 if(rdlen != 1 || *ldns_buffer_begin(buf) != (uint8_t)spec) { 626 ldns_buffer_write_u8(buf, 0); 627 log_err("trusted-keys, line %d, expected %c", 628 *line, spec); 629 return 0; 630 } 631 return 1; 632 } 633 log_err("trusted-keys, line %d, expected %c got EOF", *line, spec); 634 return 0; 635 } 636 637 /** 638 * read contents of trusted-keys{ ... ; clauses and insert keys into storage. 639 * @param anchors: where to store keys 640 * @param buf: buffer to use 641 * @param line: line number in file 642 * @param in: file to read from. 643 * @return 0 on error. 644 */ 645 static int 646 process_bind_contents(struct val_anchors* anchors, ldns_buffer* buf, 647 int* line, FILE* in) 648 { 649 /* loop over contents, collate strings before ; */ 650 /* contents is (numbered): 0 1 2 3 4 5 6 7 8 */ 651 /* name. 257 3 5 base64 base64 */ 652 /* quoted value: 0 "111" 0 0 0 0 0 0 0 */ 653 /* comments value: 1 "000" 1 1 1 "0 0 0 0" 1 */ 654 int contnum = 0; 655 int quoted = 0; 656 int comments = 1; 657 int rdlen; 658 char* str = 0; 659 ldns_buffer_clear(buf); 660 while((rdlen=readkeyword_bindfile(in, buf, line, comments))) { 661 if(rdlen == 1 && ldns_buffer_position(buf) == 1 662 && isspace((int)*ldns_buffer_begin(buf))) { 663 /* starting whitespace is removed */ 664 ldns_buffer_clear(buf); 665 continue; 666 } else if(rdlen == 1 && ldns_buffer_current(buf)[-1] == '"') { 667 /* remove " from the string */ 668 if(contnum == 0) { 669 quoted = 1; 670 comments = 0; 671 } 672 ldns_buffer_skip(buf, -1); 673 if(contnum > 0 && quoted) { 674 if(ldns_buffer_remaining(buf) < 8+1) { 675 log_err("line %d, too long", *line); 676 return 0; 677 } 678 ldns_buffer_write(buf, " DNSKEY ", 8); 679 quoted = 0; 680 comments = 1; 681 } else if(contnum > 0) 682 comments = !comments; 683 continue; 684 } else if(rdlen == 1 && ldns_buffer_current(buf)[-1] == ';') { 685 686 if(contnum < 5) { 687 ldns_buffer_write_u8(buf, 0); 688 log_err("line %d, bad key", *line); 689 return 0; 690 } 691 ldns_buffer_skip(buf, -1); 692 ldns_buffer_write_u8(buf, 0); 693 str = strdup((char*)ldns_buffer_begin(buf)); 694 if(!str) { 695 log_err("line %d, allocation failure", *line); 696 return 0; 697 } 698 if(!anchor_store_str(anchors, buf, str)) { 699 log_err("line %d, bad key", *line); 700 free(str); 701 return 0; 702 } 703 free(str); 704 ldns_buffer_clear(buf); 705 contnum = 0; 706 quoted = 0; 707 comments = 1; 708 continue; 709 } else if(rdlen == 1 && ldns_buffer_current(buf)[-1] == '}') { 710 if(contnum > 0) { 711 ldns_buffer_write_u8(buf, 0); 712 log_err("line %d, bad key before }", *line); 713 return 0; 714 } 715 return 1; 716 } else if(rdlen == 1 && 717 isspace((int)ldns_buffer_current(buf)[-1])) { 718 /* leave whitespace here */ 719 } else { 720 /* not space or whatnot, so actual content */ 721 contnum ++; 722 if(contnum == 1 && !quoted) { 723 if(ldns_buffer_remaining(buf) < 8+1) { 724 log_err("line %d, too long", *line); 725 return 0; 726 } 727 ldns_buffer_write(buf, " DNSKEY ", 8); 728 } 729 } 730 } 731 732 log_err("line %d, EOF before }", *line); 733 return 0; 734 } 735 736 /** 737 * Read a BIND9 like file with trust anchors in named.conf format. 738 * @param anchors: anchor storage. 739 * @param buffer: parsing buffer. 740 * @param fname: string. 741 * @return false on error. 742 */ 743 static int 744 anchor_read_bind_file(struct val_anchors* anchors, ldns_buffer* buffer, 745 const char* fname) 746 { 747 int line_nr = 1; 748 FILE* in = fopen(fname, "r"); 749 int rdlen = 0; 750 if(!in) { 751 log_err("error opening file %s: %s", fname, strerror(errno)); 752 return 0; 753 } 754 verbose(VERB_QUERY, "reading in bind-compat-mode: '%s'", fname); 755 /* scan for trusted-keys keyword, ignore everything else */ 756 ldns_buffer_clear(buffer); 757 while((rdlen=readkeyword_bindfile(in, buffer, &line_nr, 1)) != 0) { 758 if(rdlen != 12 || strncmp((char*)ldns_buffer_begin(buffer), 759 "trusted-keys", 12) != 0) { 760 ldns_buffer_clear(buffer); 761 /* ignore everything but trusted-keys */ 762 continue; 763 } 764 if(!skip_to_special(in, buffer, &line_nr, '{')) { 765 log_err("error in trusted key: \"%s\"", fname); 766 fclose(in); 767 return 0; 768 } 769 /* process contents */ 770 if(!process_bind_contents(anchors, buffer, &line_nr, in)) { 771 log_err("error in trusted key: \"%s\"", fname); 772 fclose(in); 773 return 0; 774 } 775 if(!skip_to_special(in, buffer, &line_nr, ';')) { 776 log_err("error in trusted key: \"%s\"", fname); 777 fclose(in); 778 return 0; 779 } 780 ldns_buffer_clear(buffer); 781 } 782 fclose(in); 783 return 1; 784 } 785 786 /** 787 * Read a BIND9 like files with trust anchors in named.conf format. 788 * Performs wildcard processing of name. 789 * @param anchors: anchor storage. 790 * @param buffer: parsing buffer. 791 * @param pat: pattern string. (can be wildcarded) 792 * @return false on error. 793 */ 794 static int 795 anchor_read_bind_file_wild(struct val_anchors* anchors, ldns_buffer* buffer, 796 const char* pat) 797 { 798 #ifdef HAVE_GLOB 799 glob_t g; 800 size_t i; 801 int r, flags; 802 if(!strchr(pat, '*') && !strchr(pat, '?') && !strchr(pat, '[') && 803 !strchr(pat, '{') && !strchr(pat, '~')) { 804 return anchor_read_bind_file(anchors, buffer, pat); 805 } 806 verbose(VERB_QUERY, "wildcard found, processing %s", pat); 807 flags = 0 808 #ifdef GLOB_ERR 809 | GLOB_ERR 810 #endif 811 #ifdef GLOB_NOSORT 812 | GLOB_NOSORT 813 #endif 814 #ifdef GLOB_BRACE 815 | GLOB_BRACE 816 #endif 817 #ifdef GLOB_TILDE 818 | GLOB_TILDE 819 #endif 820 ; 821 memset(&g, 0, sizeof(g)); 822 r = glob(pat, flags, NULL, &g); 823 if(r) { 824 /* some error */ 825 if(r == GLOB_NOMATCH) { 826 verbose(VERB_QUERY, "trusted-keys-file: " 827 "no matches for %s", pat); 828 return 1; 829 } else if(r == GLOB_NOSPACE) { 830 log_err("wildcard trusted-keys-file %s: " 831 "pattern out of memory", pat); 832 } else if(r == GLOB_ABORTED) { 833 log_err("wildcard trusted-keys-file %s: expansion " 834 "aborted (%s)", pat, strerror(errno)); 835 } else { 836 log_err("wildcard trusted-keys-file %s: expansion " 837 "failed (%s)", pat, strerror(errno)); 838 } 839 /* ignore globs that yield no files */ 840 return 1; 841 } 842 /* process files found, if any */ 843 for(i=0; i<(size_t)g.gl_pathc; i++) { 844 if(!anchor_read_bind_file(anchors, buffer, g.gl_pathv[i])) { 845 log_err("error reading wildcard " 846 "trusted-keys-file: %s", g.gl_pathv[i]); 847 globfree(&g); 848 return 0; 849 } 850 } 851 globfree(&g); 852 return 1; 853 #else /* not HAVE_GLOB */ 854 return anchor_read_bind_file(anchors, buffer, pat); 855 #endif /* HAVE_GLOB */ 856 } 857 858 /** 859 * Assemble an rrset structure for the type 860 * @param ta: trust anchor. 861 * @param num: number of items to fetch from list. 862 * @param type: fetch only items of this type. 863 * @return rrset or NULL on error. 864 */ 865 static struct ub_packed_rrset_key* 866 assemble_it(struct trust_anchor* ta, size_t num, uint16_t type) 867 { 868 struct ub_packed_rrset_key* pkey = (struct ub_packed_rrset_key*) 869 malloc(sizeof(*pkey)); 870 struct packed_rrset_data* pd; 871 struct ta_key* tk; 872 size_t i; 873 if(!pkey) 874 return NULL; 875 memset(pkey, 0, sizeof(*pkey)); 876 pkey->rk.dname = memdup(ta->name, ta->namelen); 877 if(!pkey->rk.dname) { 878 free(pkey); 879 return NULL; 880 } 881 882 pkey->rk.dname_len = ta->namelen; 883 pkey->rk.type = htons(type); 884 pkey->rk.rrset_class = htons(ta->dclass); 885 /* The rrset is build in an uncompressed way. This means it 886 * cannot be copied in the normal way. */ 887 pd = (struct packed_rrset_data*)malloc(sizeof(*pd)); 888 if(!pd) { 889 free(pkey->rk.dname); 890 free(pkey); 891 return NULL; 892 } 893 memset(pd, 0, sizeof(*pd)); 894 pd->count = num; 895 pd->trust = rrset_trust_ultimate; 896 pd->rr_len = (size_t*)malloc(num*sizeof(size_t)); 897 if(!pd->rr_len) { 898 free(pd); 899 free(pkey->rk.dname); 900 free(pkey); 901 return NULL; 902 } 903 pd->rr_ttl = (uint32_t*)malloc(num*sizeof(uint32_t)); 904 if(!pd->rr_ttl) { 905 free(pd->rr_len); 906 free(pd); 907 free(pkey->rk.dname); 908 free(pkey); 909 return NULL; 910 } 911 pd->rr_data = (uint8_t**)malloc(num*sizeof(uint8_t*)); 912 if(!pd->rr_data) { 913 free(pd->rr_ttl); 914 free(pd->rr_len); 915 free(pd); 916 free(pkey->rk.dname); 917 free(pkey); 918 return NULL; 919 } 920 /* fill in rrs */ 921 i=0; 922 for(tk = ta->keylist; tk; tk = tk->next) { 923 if(tk->type != type) 924 continue; 925 pd->rr_len[i] = tk->len; 926 /* reuse data ptr to allocation in talist */ 927 pd->rr_data[i] = tk->data; 928 pd->rr_ttl[i] = 0; 929 i++; 930 } 931 pkey->entry.data = (void*)pd; 932 return pkey; 933 } 934 935 /** 936 * Assemble structures for the trust DS and DNSKEY rrsets. 937 * @param ta: trust anchor 938 * @return: false on error. 939 */ 940 static int 941 anchors_assemble(struct trust_anchor* ta) 942 { 943 if(ta->numDS > 0) { 944 ta->ds_rrset = assemble_it(ta, ta->numDS, LDNS_RR_TYPE_DS); 945 if(!ta->ds_rrset) 946 return 0; 947 } 948 if(ta->numDNSKEY > 0) { 949 ta->dnskey_rrset = assemble_it(ta, ta->numDNSKEY, 950 LDNS_RR_TYPE_DNSKEY); 951 if(!ta->dnskey_rrset) 952 return 0; 953 } 954 return 1; 955 } 956 957 /** 958 * Check DS algos for support, warn if not. 959 * @param ta: trust anchor 960 * @return number of DS anchors with unsupported algorithms. 961 */ 962 static size_t 963 anchors_ds_unsupported(struct trust_anchor* ta) 964 { 965 size_t i, num = 0; 966 for(i=0; i<ta->numDS; i++) { 967 if(!ds_digest_algo_is_supported(ta->ds_rrset, i) || 968 !ds_key_algo_is_supported(ta->ds_rrset, i)) 969 num++; 970 } 971 return num; 972 } 973 974 /** 975 * Check DNSKEY algos for support, warn if not. 976 * @param ta: trust anchor 977 * @return number of DNSKEY anchors with unsupported algorithms. 978 */ 979 static size_t 980 anchors_dnskey_unsupported(struct trust_anchor* ta) 981 { 982 size_t i, num = 0; 983 for(i=0; i<ta->numDNSKEY; i++) { 984 if(!dnskey_algo_is_supported(ta->dnskey_rrset, i)) 985 num++; 986 } 987 return num; 988 } 989 990 /** 991 * Assemble the rrsets in the anchors, ready for use by validator. 992 * @param anchors: trust anchor storage. 993 * @return: false on error. 994 */ 995 static int 996 anchors_assemble_rrsets(struct val_anchors* anchors) 997 { 998 struct trust_anchor* ta; 999 struct trust_anchor* next; 1000 size_t nods, nokey; 1001 lock_basic_lock(&anchors->lock); 1002 ta=(struct trust_anchor*)rbtree_first(anchors->tree); 1003 while((rbnode_t*)ta != RBTREE_NULL) { 1004 next = (struct trust_anchor*)rbtree_next(&ta->node); 1005 lock_basic_lock(&ta->lock); 1006 if(ta->autr || (ta->numDS == 0 && ta->numDNSKEY == 0)) { 1007 lock_basic_unlock(&ta->lock); 1008 ta = next; /* skip */ 1009 continue; 1010 } 1011 if(!anchors_assemble(ta)) { 1012 log_err("out of memory"); 1013 lock_basic_unlock(&ta->lock); 1014 lock_basic_unlock(&anchors->lock); 1015 return 0; 1016 } 1017 nods = anchors_ds_unsupported(ta); 1018 nokey = anchors_dnskey_unsupported(ta); 1019 if(nods) { 1020 log_nametypeclass(0, "warning: unsupported " 1021 "algorithm for trust anchor", 1022 ta->name, LDNS_RR_TYPE_DS, ta->dclass); 1023 } 1024 if(nokey) { 1025 log_nametypeclass(0, "warning: unsupported " 1026 "algorithm for trust anchor", 1027 ta->name, LDNS_RR_TYPE_DNSKEY, ta->dclass); 1028 } 1029 if(nods == ta->numDS && nokey == ta->numDNSKEY) { 1030 char b[257]; 1031 dname_str(ta->name, b); 1032 log_warn("trust anchor %s has no supported algorithms," 1033 " the anchor is ignored (check if you need to" 1034 " upgrade unbound and openssl)", b); 1035 (void)rbtree_delete(anchors->tree, &ta->node); 1036 lock_basic_unlock(&ta->lock); 1037 anchors_delfunc(&ta->node, NULL); 1038 ta = next; 1039 continue; 1040 } 1041 lock_basic_unlock(&ta->lock); 1042 ta = next; 1043 } 1044 lock_basic_unlock(&anchors->lock); 1045 return 1; 1046 } 1047 1048 int 1049 anchors_apply_cfg(struct val_anchors* anchors, struct config_file* cfg) 1050 { 1051 struct config_strlist* f; 1052 char* nm; 1053 ldns_buffer* parsebuf = ldns_buffer_new(65535); 1054 for(f = cfg->domain_insecure; f; f = f->next) { 1055 if(!f->str || f->str[0] == 0) /* empty "" */ 1056 continue; 1057 if(!anchor_insert_insecure(anchors, f->str)) { 1058 log_err("error in domain-insecure: %s", f->str); 1059 ldns_buffer_free(parsebuf); 1060 return 0; 1061 } 1062 } 1063 for(f = cfg->trust_anchor_file_list; f; f = f->next) { 1064 if(!f->str || f->str[0] == 0) /* empty "" */ 1065 continue; 1066 nm = f->str; 1067 if(cfg->chrootdir && cfg->chrootdir[0] && strncmp(nm, 1068 cfg->chrootdir, strlen(cfg->chrootdir)) == 0) 1069 nm += strlen(cfg->chrootdir); 1070 if(!anchor_read_file(anchors, parsebuf, nm, 0)) { 1071 log_err("error reading trust-anchor-file: %s", f->str); 1072 ldns_buffer_free(parsebuf); 1073 return 0; 1074 } 1075 } 1076 for(f = cfg->trusted_keys_file_list; f; f = f->next) { 1077 if(!f->str || f->str[0] == 0) /* empty "" */ 1078 continue; 1079 nm = f->str; 1080 if(cfg->chrootdir && cfg->chrootdir[0] && strncmp(nm, 1081 cfg->chrootdir, strlen(cfg->chrootdir)) == 0) 1082 nm += strlen(cfg->chrootdir); 1083 if(!anchor_read_bind_file_wild(anchors, parsebuf, nm)) { 1084 log_err("error reading trusted-keys-file: %s", f->str); 1085 ldns_buffer_free(parsebuf); 1086 return 0; 1087 } 1088 } 1089 for(f = cfg->trust_anchor_list; f; f = f->next) { 1090 if(!f->str || f->str[0] == 0) /* empty "" */ 1091 continue; 1092 if(!anchor_store_str(anchors, parsebuf, f->str)) { 1093 log_err("error in trust-anchor: \"%s\"", f->str); 1094 ldns_buffer_free(parsebuf); 1095 return 0; 1096 } 1097 } 1098 if(cfg->dlv_anchor_file && cfg->dlv_anchor_file[0] != 0) { 1099 struct trust_anchor* dlva; 1100 nm = cfg->dlv_anchor_file; 1101 if(cfg->chrootdir && cfg->chrootdir[0] && strncmp(nm, 1102 cfg->chrootdir, strlen(cfg->chrootdir)) == 0) 1103 nm += strlen(cfg->chrootdir); 1104 if(!(dlva = anchor_read_file(anchors, parsebuf, 1105 nm, 1))) { 1106 log_err("error reading dlv-anchor-file: %s", 1107 cfg->dlv_anchor_file); 1108 ldns_buffer_free(parsebuf); 1109 return 0; 1110 } 1111 lock_basic_lock(&anchors->lock); 1112 anchors->dlv_anchor = dlva; 1113 lock_basic_unlock(&anchors->lock); 1114 } 1115 for(f = cfg->dlv_anchor_list; f; f = f->next) { 1116 struct trust_anchor* dlva; 1117 if(!f->str || f->str[0] == 0) /* empty "" */ 1118 continue; 1119 if(!(dlva = anchor_store_str( 1120 anchors, parsebuf, f->str))) { 1121 log_err("error in dlv-anchor: \"%s\"", f->str); 1122 ldns_buffer_free(parsebuf); 1123 return 0; 1124 } 1125 lock_basic_lock(&anchors->lock); 1126 anchors->dlv_anchor = dlva; 1127 lock_basic_unlock(&anchors->lock); 1128 } 1129 /* do autr last, so that it sees what anchors are filled by other 1130 * means can can print errors about double config for the name */ 1131 for(f = cfg->auto_trust_anchor_file_list; f; f = f->next) { 1132 if(!f->str || f->str[0] == 0) /* empty "" */ 1133 continue; 1134 nm = f->str; 1135 if(cfg->chrootdir && cfg->chrootdir[0] && strncmp(nm, 1136 cfg->chrootdir, strlen(cfg->chrootdir)) == 0) 1137 nm += strlen(cfg->chrootdir); 1138 if(!autr_read_file(anchors, nm)) { 1139 log_err("error reading auto-trust-anchor-file: %s", 1140 f->str); 1141 ldns_buffer_free(parsebuf); 1142 return 0; 1143 } 1144 } 1145 /* first assemble, since it may delete useless anchors */ 1146 anchors_assemble_rrsets(anchors); 1147 init_parents(anchors); 1148 ldns_buffer_free(parsebuf); 1149 if(verbosity >= VERB_ALGO) autr_debug_print(anchors); 1150 return 1; 1151 } 1152 1153 struct trust_anchor* 1154 anchors_lookup(struct val_anchors* anchors, 1155 uint8_t* qname, size_t qname_len, uint16_t qclass) 1156 { 1157 struct trust_anchor key; 1158 struct trust_anchor* result; 1159 rbnode_t* res = NULL; 1160 key.node.key = &key; 1161 key.name = qname; 1162 key.namelabs = dname_count_labels(qname); 1163 key.namelen = qname_len; 1164 key.dclass = qclass; 1165 lock_basic_lock(&anchors->lock); 1166 if(rbtree_find_less_equal(anchors->tree, &key, &res)) { 1167 /* exact */ 1168 result = (struct trust_anchor*)res; 1169 } else { 1170 /* smaller element (or no element) */ 1171 int m; 1172 result = (struct trust_anchor*)res; 1173 if(!result || result->dclass != qclass) { 1174 lock_basic_unlock(&anchors->lock); 1175 return NULL; 1176 } 1177 /* count number of labels matched */ 1178 (void)dname_lab_cmp(result->name, result->namelabs, key.name, 1179 key.namelabs, &m); 1180 while(result) { /* go up until qname is subdomain of stub */ 1181 if(result->namelabs <= m) 1182 break; 1183 result = result->parent; 1184 } 1185 } 1186 if(result) { 1187 lock_basic_lock(&result->lock); 1188 } 1189 lock_basic_unlock(&anchors->lock); 1190 return result; 1191 } 1192 1193 size_t 1194 anchors_get_mem(struct val_anchors* anchors) 1195 { 1196 struct trust_anchor *ta; 1197 size_t s = sizeof(*anchors); 1198 RBTREE_FOR(ta, struct trust_anchor*, anchors->tree) { 1199 s += sizeof(*ta) + ta->namelen; 1200 /* keys and so on */ 1201 } 1202 return s; 1203 } 1204 1205 int 1206 anchors_add_insecure(struct val_anchors* anchors, uint16_t c, uint8_t* nm) 1207 { 1208 struct trust_anchor key; 1209 key.node.key = &key; 1210 key.name = nm; 1211 key.namelabs = dname_count_size_labels(nm, &key.namelen); 1212 key.dclass = c; 1213 lock_basic_lock(&anchors->lock); 1214 if(rbtree_search(anchors->tree, &key)) { 1215 lock_basic_unlock(&anchors->lock); 1216 /* nothing to do, already an anchor or insecure point */ 1217 return 1; 1218 } 1219 if(!anchor_new_ta(anchors, nm, key.namelabs, key.namelen, c, 0)) { 1220 log_err("out of memory"); 1221 lock_basic_unlock(&anchors->lock); 1222 return 0; 1223 } 1224 /* no other contents in new ta, because it is insecure point */ 1225 anchors_init_parents_locked(anchors); 1226 lock_basic_unlock(&anchors->lock); 1227 return 1; 1228 } 1229 1230 void 1231 anchors_delete_insecure(struct val_anchors* anchors, uint16_t c, 1232 uint8_t* nm) 1233 { 1234 struct trust_anchor key; 1235 struct trust_anchor* ta; 1236 key.node.key = &key; 1237 key.name = nm; 1238 key.namelabs = dname_count_size_labels(nm, &key.namelen); 1239 key.dclass = c; 1240 lock_basic_lock(&anchors->lock); 1241 if(!(ta=(struct trust_anchor*)rbtree_search(anchors->tree, &key))) { 1242 lock_basic_unlock(&anchors->lock); 1243 /* nothing there */ 1244 return; 1245 } 1246 /* lock it to drive away other threads that use it */ 1247 lock_basic_lock(&ta->lock); 1248 /* see if its really an insecure point */ 1249 if(ta->keylist || ta->autr || ta->numDS || ta->numDNSKEY) { 1250 lock_basic_unlock(&anchors->lock); 1251 lock_basic_unlock(&ta->lock); 1252 /* its not an insecure point, do not remove it */ 1253 return; 1254 } 1255 1256 /* remove from tree */ 1257 (void)rbtree_delete(anchors->tree, &ta->node); 1258 anchors_init_parents_locked(anchors); 1259 lock_basic_unlock(&anchors->lock); 1260 1261 /* actual free of data */ 1262 lock_basic_unlock(&ta->lock); 1263 anchors_delfunc(&ta->node, NULL); 1264 } 1265 1266