unbound  0.1
Functions
val_anchor.c File Reference

This file contains storage for the trust anchors for the validator. More...

#include "config.h"
#include <ctype.h>
#include <ldns/dname.h>
#include <ldns/host2wire.h>
#include "validator/val_anchor.h"
#include "validator/val_sigcrypt.h"
#include "validator/autotrust.h"
#include "util/data/packed_rrset.h"
#include "util/data/dname.h"
#include "util/log.h"
#include "util/net_help.h"
#include "util/config_file.h"

Functions

int anchor_cmp (const void *k1, const void *k2)
 compare two trust anchors
struct val_anchorsanchors_create (void)
 Create trust anchor storage.
static void assembled_rrset_delete (struct ub_packed_rrset_key *pkey)
 delete assembled rrset
static void anchors_delfunc (rbnode_t *elem, void *ATTR_UNUSED(arg))
 destroy locks in tree and delete autotrust anchors
void anchors_delete (struct val_anchors *anchors)
 Delete trust anchor storage.
void anchors_init_parents_locked (struct val_anchors *anchors)
 Recalculate parent pointers.
static void init_parents (struct val_anchors *anchors)
 initialise parent pointers in the tree
struct trust_anchoranchor_find (struct val_anchors *anchors, uint8_t *name, int namelabs, size_t namelen, uint16_t dclass)
 Find a trust anchor.
static struct trust_anchoranchor_new_ta (struct val_anchors *anchors, uint8_t *name, int namelabs, size_t namelen, uint16_t dclass, int lockit)
 create new trust anchor object
static struct ta_keyanchor_find_key (struct trust_anchor *ta, uint8_t *rdata, size_t rdata_len, uint16_t type)
 find trustanchor key by exact data match
static struct ta_keyanchor_new_ta_key (uint8_t *rdata, size_t rdata_len, uint16_t type)
 create new trustanchor key
static struct trust_anchoranchor_store_new_key (struct val_anchors *anchors, uint8_t *name, uint16_t type, uint16_t dclass, uint8_t *rdata, size_t rdata_len)
 This routine adds a new RR to a trust anchor.
static struct trust_anchoranchor_store_new_rr (struct val_anchors *anchors, ldns_buffer *buffer, ldns_rr *rr)
 Add new RR.
static struct trust_anchoranchor_insert_insecure (struct val_anchors *anchors, const char *str)
 Insert insecure anchor.
struct trust_anchoranchor_store_str (struct val_anchors *anchors, ldns_buffer *buffer, const char *str)
 Store one string as trust anchor RR.
static struct trust_anchoranchor_read_file (struct val_anchors *anchors, ldns_buffer *buffer, const char *fname, int onlyone)
 Read a file with trust anchors.
static void skip_to_eol (FILE *in)
 skip file to end of line
static int is_bind_special (int c)
 true for special characters in bind configs
static int readkeyword_bindfile (FILE *in, ldns_buffer *buf, int *line, int comments)
 Read a keyword skipping bind comments; spaces, specials, restkeywords.
static int skip_to_special (FILE *in, ldns_buffer *buf, int *line, int spec)
 skip through file to { or ;
static int process_bind_contents (struct val_anchors *anchors, ldns_buffer *buf, int *line, FILE *in)
 read contents of trusted-keys{ ...
static int anchor_read_bind_file (struct val_anchors *anchors, ldns_buffer *buffer, const char *fname)
 Read a BIND9 like file with trust anchors in named.conf format.
static int anchor_read_bind_file_wild (struct val_anchors *anchors, ldns_buffer *buffer, const char *pat)
 Read a BIND9 like files with trust anchors in named.conf format.
static struct ub_packed_rrset_keyassemble_it (struct trust_anchor *ta, size_t num, uint16_t type)
 Assemble an rrset structure for the type.
static int anchors_assemble (struct trust_anchor *ta)
 Assemble structures for the trust DS and DNSKEY rrsets.
static size_t anchors_ds_unsupported (struct trust_anchor *ta)
 Check DS algos for support, warn if not.
static size_t anchors_dnskey_unsupported (struct trust_anchor *ta)
 Check DNSKEY algos for support, warn if not.
static int anchors_assemble_rrsets (struct val_anchors *anchors)
 Assemble the rrsets in the anchors, ready for use by validator.
int anchors_apply_cfg (struct val_anchors *anchors, struct config_file *cfg)
 Process trust anchor config.
struct trust_anchoranchors_lookup (struct val_anchors *anchors, uint8_t *qname, size_t qname_len, uint16_t qclass)
 Given a qname/qclass combination, find the trust anchor closest above it.
size_t anchors_get_mem (struct val_anchors *anchors)
 Get memory in use by the trust anchor storage.
int anchors_add_insecure (struct val_anchors *anchors, uint16_t c, uint8_t *nm)
 Add insecure point trust anchor.
void anchors_delete_insecure (struct val_anchors *anchors, uint16_t c, uint8_t *nm)
 Delete insecure point trust anchor.

Detailed Description

This file contains storage for the trust anchors for the validator.

Function Documentation

struct val_anchors* anchors_create ( void  )
read

Create trust anchor storage.

Returns
new storage or NULL on error.

References anchor_cmp(), anchors_delete(), val_anchors::autr, autr_global_create(), val_anchors::lock, rbtree_create(), and val_anchors::tree.

Referenced by anchors_test(), and val_apply_cfg().

void anchors_delete ( struct val_anchors anchors)

Delete trust anchor storage.

Parameters
anchors,:to delete.

References anchors_delfunc(), val_anchors::autr, autr_global_delete(), val_anchors::lock, traverse_postorder(), and val_anchors::tree.

Referenced by anchors_create(), anchors_test(), and val_deinit().

void anchors_init_parents_locked ( struct val_anchors anchors)

Recalculate parent pointers.

The caller must hold the lock on the anchors structure (say after removing an item from the rbtree). Caller must not hold any locks on trust anchors. After the call is complete the parent pointers are updated and an item just removed is no longer referenced in parent pointers.

Parameters
anchors,:the structure to update.

References trust_anchor::dclass, dname_lab_cmp(), trust_anchor::lock, trust_anchor::name, trust_anchor::namelabs, trust_anchor::node, trust_anchor::parent, RBTREE_FOR, and val_anchors::tree.

Referenced by anchors_add_insecure(), anchors_delete_insecure(), autr_tp_remove(), and init_parents().

struct trust_anchor* anchor_find ( struct val_anchors anchors,
uint8_t *  name,
int  namelabs,
size_t  namelen,
uint16_t  dclass 
)
read

Find a trust anchor.

Exact matching.

Parameters
anchors,:anchor storage.
name,:name of trust anchor (wireformat)
namelabs,:labels in name
namelen,:length of name
dclass,:class of trust anchor
Returns
NULL if not found. The anchor is locked.

References trust_anchor::dclass, rbnode_t::key, val_anchors::lock, trust_anchor::name, trust_anchor::namelabs, trust_anchor::namelen, trust_anchor::node, rbtree_search(), and val_anchors::tree.

Referenced by anchor_store_new_key(), find_add_tp(), iter_indicates_dnssec(), and process_prime_response().

static struct trust_anchor* anchor_store_new_key ( struct val_anchors anchors,
uint8_t *  name,
uint16_t  type,
uint16_t  dclass,
uint8_t *  rdata,
size_t  rdata_len 
)
staticread

This routine adds a new RR to a trust anchor.

The trust anchor may not exist yet, and is created if not. The RR can be DS or DNSKEY. This routine will also remove duplicates; storing them only once.

Parameters
anchors,:anchor storage.
name,:name of trust anchor (wireformat)
type,:type or RR
dclass,:class of RR
rdata,:rdata wireformat, starting with rdlength. If NULL, nothing is stored, but an entry is created.
rdata_len,:length of rdata including rdlength.
Returns
: NULL on error, else the trust anchor.

References anchor_find(), anchor_find_key(), anchor_new_ta(), anchor_new_ta_key(), dname_count_size_labels(), trust_anchor::keylist, trust_anchor::lock, log_err(), trust_anchor::namelabs, trust_anchor::namelen, ta_key::next, trust_anchor::numDNSKEY, and trust_anchor::numDS.

Referenced by anchor_insert_insecure(), and anchor_store_new_rr().

static struct trust_anchor* anchor_store_new_rr ( struct val_anchors anchors,
ldns_buffer *  buffer,
ldns_rr *  rr 
)
staticread

Add new RR.

It converts ldns RR to wire format.

Parameters
anchors,:anchor storage.
buffer,:parsing buffer.
rr,:the rr (allocated by caller).
Returns
NULL on error, else the trust anchor.

References anchor_store_new_key(), log_err(), log_nametypeclass(), and VERB_QUERY.

Referenced by anchor_read_file(), and anchor_store_str().

static struct trust_anchor* anchor_insert_insecure ( struct val_anchors anchors,
const char *  str 
)
staticread

Insert insecure anchor.

Parameters
anchors,:anchor storage.
str,:the domain name.
Returns
NULL on error, Else last trust anchor point

References anchor_store_new_key(), and log_err().

Referenced by anchors_apply_cfg().

struct trust_anchor* anchor_store_str ( struct val_anchors anchors,
ldns_buffer *  buffer,
const char *  str 
)
read

Store one string as trust anchor RR.

Parameters
anchors,:anchor storage.
buffer,:parsing buffer, to generate the RR wireformat in.
str,:string.
Returns
NULL on error.

References anchor_store_new_rr(), and log_err().

Referenced by anchors_apply_cfg(), process_bind_contents(), test_anchor_one(), and test_anchors().

static struct trust_anchor* anchor_read_file ( struct val_anchors anchors,
ldns_buffer *  buffer,
const char *  fname,
int  onlyone 
)
staticread

Read a file with trust anchors.

Parameters
anchors,:anchor storage.
buffer,:parsing buffer.
fname,:string.
onlyone,:only one trust anchor allowed in file.
Returns
NULL on error. Else last trust-anchor point.

References anchor_store_new_rr(), and log_err().

Referenced by anchors_apply_cfg().

static int readkeyword_bindfile ( FILE *  in,
ldns_buffer *  buf,
int *  line,
int  comments 
)
static

Read a keyword skipping bind comments; spaces, specials, restkeywords.

The file is split into the following tokens:

  • special characters, on their own, rdlen=1, { } doublequote ;
  • whitespace becomes a single ' ' or tab. Newlines become spaces.
  • other words ('keywords')
  • comments are skipped if desired / / C++ style comment to end of line

    to end of line

/ * C style comment * /

Parameters
in,:file to read from.
buf,:buffer, what is read is stored after current buffer position. Space is left in the buffer to write a terminating 0.
line,:line number is increased per line, for error reports.
comments,:if 0, comments are not possible and become text. if 1, comments are skipped entirely. In BIND files, this is when reading quoted strings, for example " base 64 text with / / in there "
Returns
the number of character written to the buffer. 0 on end of file.

References fatal_exit(), is_bind_special(), and skip_to_eol().

Referenced by anchor_read_bind_file(), process_bind_contents(), and skip_to_special().

static int process_bind_contents ( struct val_anchors anchors,
ldns_buffer *  buf,
int *  line,
FILE *  in 
)
static

read contents of trusted-keys{ ...

; clauses and insert keys into storage.

Parameters
anchors,:where to store keys
buf,:buffer to use
line,:line number in file
in,:file to read from.
Returns
0 on error.

References anchor_store_str(), log_err(), and readkeyword_bindfile().

Referenced by anchor_read_bind_file().

static int anchor_read_bind_file ( struct val_anchors anchors,
ldns_buffer *  buffer,
const char *  fname 
)
static

Read a BIND9 like file with trust anchors in named.conf format.

Parameters
anchors,:anchor storage.
buffer,:parsing buffer.
fname,:string.
Returns
false on error.

References log_err(), process_bind_contents(), readkeyword_bindfile(), skip_to_special(), VERB_QUERY, and verbose().

Referenced by anchor_read_bind_file_wild().

static int anchor_read_bind_file_wild ( struct val_anchors anchors,
ldns_buffer *  buffer,
const char *  pat 
)
static

Read a BIND9 like files with trust anchors in named.conf format.

Performs wildcard processing of name.

Parameters
anchors,:anchor storage.
buffer,:parsing buffer.
pat,:pattern string. (can be wildcarded)
Returns
false on error.

References anchor_read_bind_file(), log_err(), VERB_QUERY, and verbose().

Referenced by anchors_apply_cfg().

static struct ub_packed_rrset_key* assemble_it ( struct trust_anchor ta,
size_t  num,
uint16_t  type 
)
staticread
static int anchors_assemble ( struct trust_anchor ta)
static

Assemble structures for the trust DS and DNSKEY rrsets.

Parameters
ta,:trust anchor
Returns
: false on error.

References assemble_it(), trust_anchor::dnskey_rrset, trust_anchor::ds_rrset, trust_anchor::numDNSKEY, and trust_anchor::numDS.

Referenced by anchors_assemble_rrsets().

static size_t anchors_ds_unsupported ( struct trust_anchor ta)
static

Check DS algos for support, warn if not.

Parameters
ta,:trust anchor
Returns
number of DS anchors with unsupported algorithms.

References ds_digest_algo_is_supported(), ds_key_algo_is_supported(), trust_anchor::ds_rrset, and trust_anchor::numDS.

Referenced by anchors_assemble_rrsets().

static size_t anchors_dnskey_unsupported ( struct trust_anchor ta)
static

Check DNSKEY algos for support, warn if not.

Parameters
ta,:trust anchor
Returns
number of DNSKEY anchors with unsupported algorithms.

References dnskey_algo_is_supported(), trust_anchor::dnskey_rrset, and trust_anchor::numDNSKEY.

Referenced by anchors_assemble_rrsets().

static int anchors_assemble_rrsets ( struct val_anchors anchors)
static
int anchors_apply_cfg ( struct val_anchors anchors,
struct config_file cfg 
)
struct trust_anchor* anchors_lookup ( struct val_anchors anchors,
uint8_t *  qname,
size_t  qname_len,
uint16_t  qclass 
)
read

Given a qname/qclass combination, find the trust anchor closest above it.

Or return NULL if none exists.

Parameters
anchors,:struct anchor storage
qname,:query name, uncompressed wireformat.
qname_len,:length of qname.
qclass,:class to query for.
Returns
the trust anchor or NULL if none is found. The anchor is locked.

References trust_anchor::dclass, dname_count_labels(), dname_lab_cmp(), rbnode_t::key, val_anchors::lock, trust_anchor::lock, trust_anchor::name, trust_anchor::namelabs, trust_anchor::namelen, trust_anchor::node, trust_anchor::parent, rbtree_find_less_equal(), and val_anchors::tree.

Referenced by check_no_anchor(), processInit(), test_anchor_empty(), test_anchor_one(), and test_anchors().

size_t anchors_get_mem ( struct val_anchors anchors)

Get memory in use by the trust anchor storage.

Parameters
anchors,:anchor storage.
Returns
memory in use in bytes.

References trust_anchor::namelen, RBTREE_FOR, and val_anchors::tree.

Referenced by worker_mem_report().

int anchors_add_insecure ( struct val_anchors anchors,
uint16_t  c,
uint8_t *  nm 
)

Add insecure point trust anchor.

For external use (locks and init_parents)

Parameters
anchors,:anchor storage.
c,:class.
nm,:name of insecure trust point.
Returns
false on alloc failure.

References anchor_new_ta(), anchors_init_parents_locked(), trust_anchor::dclass, dname_count_size_labels(), rbnode_t::key, val_anchors::lock, log_err(), trust_anchor::name, trust_anchor::namelabs, trust_anchor::namelen, trust_anchor::node, rbtree_search(), and val_anchors::tree.

Referenced by do_forward_add(), and do_stub_add().

void anchors_delete_insecure ( struct val_anchors anchors,
uint16_t  c,
uint8_t *  nm 
)

Delete insecure point trust anchor.

Does not remove if no such point. For external use (locks and init_parents)

Parameters
anchors,:anchor storage.
c,:class.
nm,:name of insecure trust point.

References anchors_delfunc(), anchors_init_parents_locked(), trust_anchor::autr, trust_anchor::dclass, dname_count_size_labels(), rbnode_t::key, trust_anchor::keylist, val_anchors::lock, trust_anchor::lock, trust_anchor::name, trust_anchor::namelabs, trust_anchor::namelen, trust_anchor::node, trust_anchor::numDNSKEY, trust_anchor::numDS, rbtree_delete(), rbtree_search(), and val_anchors::tree.

Referenced by do_forward_remove(), do_stub_add(), and do_stub_remove().