2000-02-23 23:31:33 +00:00
|
|
|
/*
|
|
|
|
|
* Copyright (C) 2000 Internet Software Consortium.
|
|
|
|
|
*
|
|
|
|
|
* Permission to use, copy, modify, and distribute this software for any
|
|
|
|
|
* purpose with or without fee is hereby granted, provided that the above
|
|
|
|
|
* copyright notice and this permission notice appear in all copies.
|
|
|
|
|
*
|
|
|
|
|
* THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
|
|
|
|
|
* ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
|
|
|
|
|
* OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
|
|
|
|
|
* CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
|
|
|
|
|
* DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
|
|
|
|
|
* PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
|
|
|
|
|
* ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
|
|
|
|
|
* SOFTWARE.
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
#include <config.h>
|
|
|
|
|
|
|
|
|
|
#include <stddef.h>
|
|
|
|
|
#include <string.h>
|
|
|
|
|
|
|
|
|
|
#include <isc/buffer.h>
|
|
|
|
|
#include <isc/magic.h>
|
|
|
|
|
#include <isc/rwlock.h>
|
|
|
|
|
#include <isc/util.h>
|
|
|
|
|
|
|
|
|
|
#include <dns/keytable.h>
|
|
|
|
|
#include <dns/fixedname.h>
|
|
|
|
|
#include <dns/name.h>
|
|
|
|
|
#include <dns/rbt.h>
|
2000-05-02 03:54:17 +00:00
|
|
|
#include <dns/result.h>
|
2000-02-23 23:31:33 +00:00
|
|
|
|
2000-04-05 17:19:43 +00:00
|
|
|
#include <dst/dst.h>
|
|
|
|
|
|
2000-02-23 23:31:33 +00:00
|
|
|
struct dns_keytable {
|
|
|
|
|
/* Unlocked. */
|
|
|
|
|
unsigned int magic;
|
|
|
|
|
isc_mem_t *mctx;
|
|
|
|
|
isc_mutex_t lock;
|
|
|
|
|
isc_rwlock_t rwlock;
|
|
|
|
|
/* Locked by lock. */
|
|
|
|
|
isc_uint32_t active_nodes;
|
|
|
|
|
/* Locked by rwlock. */
|
|
|
|
|
isc_uint32_t references;
|
|
|
|
|
dns_rbt_t *table;
|
|
|
|
|
};
|
|
|
|
|
|
2000-02-24 00:33:02 +00:00
|
|
|
#define KEYTABLE_MAGIC 0x4b54626cU /* KTbl */
|
|
|
|
|
#define VALID_KEYTABLE(kt) ISC_MAGIC_VALID(kt, KEYTABLE_MAGIC)
|
2000-02-23 23:31:33 +00:00
|
|
|
|
|
|
|
|
struct dns_keynode {
|
|
|
|
|
unsigned int magic;
|
|
|
|
|
dst_key_t * key;
|
|
|
|
|
struct dns_keynode * next;
|
|
|
|
|
};
|
|
|
|
|
|
2000-02-24 00:33:02 +00:00
|
|
|
#define KEYNODE_MAGIC 0x4b4e6f64U /* KNod */
|
|
|
|
|
#define VALID_KEYNODE(kn) ISC_MAGIC_VALID(kn, KEYNODE_MAGIC)
|
2000-02-23 23:31:33 +00:00
|
|
|
|
2000-04-05 17:19:43 +00:00
|
|
|
static void
|
|
|
|
|
free_keynode(void *node, void *arg) {
|
|
|
|
|
dns_keynode_t *keynode = node;
|
|
|
|
|
isc_mem_t *mctx = arg;
|
|
|
|
|
|
|
|
|
|
REQUIRE(VALID_KEYNODE(keynode));
|
|
|
|
|
dst_key_free(keynode->key);
|
|
|
|
|
isc_mem_put(mctx, keynode, sizeof(dns_keynode_t));
|
|
|
|
|
}
|
|
|
|
|
|
2000-02-23 23:31:33 +00:00
|
|
|
isc_result_t
|
|
|
|
|
dns_keytable_create(isc_mem_t *mctx, dns_keytable_t **keytablep) {
|
|
|
|
|
dns_keytable_t *keytable;
|
|
|
|
|
isc_result_t result;
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Create a keytable.
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
REQUIRE(keytablep != NULL && *keytablep == NULL);
|
|
|
|
|
|
|
|
|
|
keytable = isc_mem_get(mctx, sizeof *keytable);
|
|
|
|
|
if (keytable == NULL)
|
2000-04-06 22:03:35 +00:00
|
|
|
return (ISC_R_NOMEMORY);
|
2000-02-23 23:31:33 +00:00
|
|
|
|
|
|
|
|
keytable->table = NULL;
|
2000-04-05 17:19:43 +00:00
|
|
|
result = dns_rbt_create(mctx, free_keynode, mctx, &keytable->table);
|
2000-02-23 23:31:33 +00:00
|
|
|
if (result != ISC_R_SUCCESS)
|
|
|
|
|
goto cleanup_keytable;
|
|
|
|
|
|
|
|
|
|
result = isc_mutex_init(&keytable->lock);
|
|
|
|
|
if (result != ISC_R_SUCCESS) {
|
|
|
|
|
UNEXPECTED_ERROR(__FILE__, __LINE__,
|
|
|
|
|
"isc_mutex_init() failed: %s",
|
|
|
|
|
isc_result_totext(result));
|
|
|
|
|
result = ISC_R_UNEXPECTED;
|
|
|
|
|
goto cleanup_rbt;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
result = isc_rwlock_init(&keytable->rwlock, 0, 0);
|
|
|
|
|
if (result != ISC_R_SUCCESS) {
|
|
|
|
|
UNEXPECTED_ERROR(__FILE__, __LINE__,
|
|
|
|
|
"isc_rwlock_init() failed: %s",
|
|
|
|
|
isc_result_totext(result));
|
|
|
|
|
result = ISC_R_UNEXPECTED;
|
|
|
|
|
goto cleanup_lock;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
keytable->mctx = mctx;
|
|
|
|
|
keytable->active_nodes = 0;
|
|
|
|
|
keytable->references = 1;
|
2000-02-24 00:33:02 +00:00
|
|
|
keytable->magic = KEYTABLE_MAGIC;
|
2000-02-23 23:31:33 +00:00
|
|
|
*keytablep = keytable;
|
|
|
|
|
|
|
|
|
|
return (ISC_R_SUCCESS);
|
|
|
|
|
|
|
|
|
|
cleanup_lock:
|
|
|
|
|
isc_mutex_destroy(&keytable->lock);
|
|
|
|
|
|
|
|
|
|
cleanup_rbt:
|
|
|
|
|
dns_rbt_destroy(&keytable->table);
|
|
|
|
|
|
|
|
|
|
cleanup_keytable:
|
|
|
|
|
isc_mem_put(mctx, keytable, sizeof *keytable);
|
|
|
|
|
|
|
|
|
|
return (result);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
void
|
|
|
|
|
dns_keytable_attach(dns_keytable_t *source, dns_keytable_t **targetp) {
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Attach *targetp to source.
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
REQUIRE(VALID_KEYTABLE(source));
|
|
|
|
|
REQUIRE(targetp != NULL && *targetp == NULL);
|
|
|
|
|
|
|
|
|
|
RWLOCK(&source->rwlock, isc_rwlocktype_write);
|
|
|
|
|
|
|
|
|
|
INSIST(source->references > 0);
|
|
|
|
|
source->references++;
|
|
|
|
|
INSIST(source->references != 0);
|
|
|
|
|
|
|
|
|
|
RWUNLOCK(&source->rwlock, isc_rwlocktype_write);
|
|
|
|
|
|
|
|
|
|
*targetp = source;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void
|
|
|
|
|
dns_keytable_detach(dns_keytable_t **keytablep) {
|
|
|
|
|
isc_boolean_t destroy = ISC_FALSE;
|
|
|
|
|
dns_keytable_t *keytable;
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Detach *keytablep from its keytable.
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
REQUIRE(keytablep != NULL && VALID_KEYTABLE(*keytablep));
|
|
|
|
|
|
|
|
|
|
keytable = *keytablep;
|
|
|
|
|
|
|
|
|
|
RWLOCK(&keytable->rwlock, isc_rwlocktype_write);
|
|
|
|
|
|
|
|
|
|
INSIST(keytable->references > 0);
|
|
|
|
|
keytable->references--;
|
|
|
|
|
LOCK(&keytable->lock);
|
|
|
|
|
if (keytable->references == 0 && keytable->active_nodes == 0)
|
|
|
|
|
destroy = ISC_TRUE;
|
|
|
|
|
UNLOCK(&keytable->lock);
|
|
|
|
|
|
|
|
|
|
RWUNLOCK(&keytable->rwlock, isc_rwlocktype_write);
|
|
|
|
|
|
|
|
|
|
if (destroy) {
|
|
|
|
|
dns_rbt_destroy(&keytable->table);
|
|
|
|
|
isc_rwlock_destroy(&keytable->rwlock);
|
|
|
|
|
isc_mutex_destroy(&keytable->lock);
|
|
|
|
|
keytable->magic = 0;
|
|
|
|
|
isc_mem_put(keytable->mctx, keytable, sizeof *keytable);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
*keytablep = NULL;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
isc_result_t
|
|
|
|
|
dns_keytable_add(dns_keytable_t *keytable, dst_key_t **keyp) {
|
|
|
|
|
isc_result_t result;
|
|
|
|
|
dns_keynode_t *knode;
|
|
|
|
|
dns_rbtnode_t *node;
|
|
|
|
|
dns_fixedname_t fname;
|
|
|
|
|
char *keyname;
|
|
|
|
|
isc_buffer_t buffer;
|
|
|
|
|
size_t len;
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Add '*keyp' to 'keytable'.
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
REQUIRE(VALID_KEYTABLE(keytable));
|
|
|
|
|
REQUIRE(keyp != NULL);
|
|
|
|
|
|
|
|
|
|
keyname = dst_key_name(*keyp);
|
|
|
|
|
INSIST(keyname != NULL);
|
|
|
|
|
len = strlen(keyname);
|
103. [func] libisc buffer API changes for <isc/buffer.h>:
Added:
isc_buffer_base(b) (pointer)
isc_buffer_current(b) (pointer)
isc_buffer_active(b) (pointer)
isc_buffer_used(b) (pointer)
isc_buffer_length(b) (int)
isc_buffer_usedlength(b) (int)
isc_buffer_consumedlength(b) (int)
isc_buffer_remaininglength(b) (int)
isc_buffer_activelength(b) (int)
isc_buffer_availablelength(b) (int)
Removed:
ISC_BUFFER_USEDCOUNT(b)
ISC_BUFFER_AVAILABLECOUNT(b)
isc_buffer_type(b)
Changed names:
isc_buffer_used(b, r) ->
isc_buffer_usedregion(b, r)
isc_buffer_available(b, r) ->
isc_buffer_available_region(b, r)
isc_buffer_consumed(b, r) ->
isc_buffer_consumedregion(b, r)
isc_buffer_active(b, r) ->
isc_buffer_activeregion(b, r)
isc_buffer_remaining(b, r) ->
isc_buffer_remainingregion(b, r)
Buffer types were removed, so the ISC_BUFFERTYPE_*
macros are no more, and the type argument to
isc_buffer_init and isc_buffer_allocate were removed.
isc_buffer_putstr is now void (instead of isc_result_t)
and requires that the caller ensure that there
is enough available buffer space for the string.
2000-04-27 00:03:12 +00:00
|
|
|
isc_buffer_init(&buffer, keyname, len);
|
2000-02-23 23:31:33 +00:00
|
|
|
isc_buffer_add(&buffer, len);
|
|
|
|
|
dns_fixedname_init(&fname);
|
|
|
|
|
result = dns_name_fromtext(dns_fixedname_name(&fname), &buffer,
|
|
|
|
|
dns_rootname, ISC_FALSE, NULL);
|
|
|
|
|
if (result != ISC_R_SUCCESS)
|
|
|
|
|
return (result);
|
|
|
|
|
|
|
|
|
|
knode = isc_mem_get(keytable->mctx, sizeof *knode);
|
|
|
|
|
if (knode == NULL)
|
|
|
|
|
return (ISC_R_NOMEMORY);
|
|
|
|
|
|
|
|
|
|
RWLOCK(&keytable->rwlock, isc_rwlocktype_write);
|
|
|
|
|
|
|
|
|
|
node = NULL;
|
|
|
|
|
result = dns_rbt_addnode(keytable->table, dns_fixedname_name(&fname),
|
|
|
|
|
&node);
|
|
|
|
|
|
|
|
|
|
if (result == ISC_R_SUCCESS || result == ISC_R_EXISTS) {
|
2000-02-24 00:33:02 +00:00
|
|
|
knode->magic = KEYNODE_MAGIC;
|
2000-02-23 23:31:33 +00:00
|
|
|
knode->key = *keyp;
|
|
|
|
|
knode->next = node->data;
|
|
|
|
|
node->data = knode;
|
|
|
|
|
*keyp = NULL;
|
|
|
|
|
knode = NULL;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
RWUNLOCK(&keytable->rwlock, isc_rwlocktype_write);
|
|
|
|
|
|
|
|
|
|
if (knode != NULL)
|
|
|
|
|
isc_mem_put(keytable->mctx, knode, sizeof *knode);
|
|
|
|
|
|
|
|
|
|
return (result);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
isc_result_t
|
|
|
|
|
dns_keytable_findkeynode(dns_keytable_t *keytable, dns_name_t *name,
|
|
|
|
|
dns_secalg_t algorithm, dns_keytag_t tag,
|
|
|
|
|
dns_keynode_t **keynodep)
|
|
|
|
|
{
|
|
|
|
|
isc_result_t result;
|
|
|
|
|
dns_keynode_t *knode;
|
|
|
|
|
void *data;
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Search for a key named 'name', matching 'algorithm' and 'tag' in
|
|
|
|
|
* 'keytable'.
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
REQUIRE(VALID_KEYTABLE(keytable));
|
|
|
|
|
REQUIRE(dns_name_isabsolute(name));
|
|
|
|
|
REQUIRE(keynodep != NULL && *keynodep == NULL);
|
|
|
|
|
|
|
|
|
|
RWLOCK(&keytable->rwlock, isc_rwlocktype_read);
|
|
|
|
|
|
|
|
|
|
knode = NULL;
|
|
|
|
|
data = NULL;
|
2000-04-19 18:27:24 +00:00
|
|
|
result = dns_rbt_findname(keytable->table, name, 0, NULL, &data);
|
2000-02-23 23:31:33 +00:00
|
|
|
|
|
|
|
|
if (result == ISC_R_SUCCESS) {
|
|
|
|
|
INSIST(data != NULL);
|
|
|
|
|
for (knode = data; knode != NULL; knode = knode->next) {
|
|
|
|
|
if (algorithm == (dns_secalg_t)dst_key_alg(knode->key)
|
|
|
|
|
&& tag == (dns_keytag_t)dst_key_id(knode->key))
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
if (knode != NULL) {
|
|
|
|
|
LOCK(&keytable->lock);
|
|
|
|
|
keytable->active_nodes++;
|
|
|
|
|
UNLOCK(&keytable->lock);
|
|
|
|
|
*keynodep = knode;
|
|
|
|
|
} else
|
|
|
|
|
result = ISC_R_NOTFOUND;
|
|
|
|
|
} else if (result == DNS_R_PARTIALMATCH)
|
|
|
|
|
result = ISC_R_NOTFOUND;
|
|
|
|
|
|
|
|
|
|
RWUNLOCK(&keytable->rwlock, isc_rwlocktype_read);
|
|
|
|
|
|
|
|
|
|
return (result);
|
|
|
|
|
}
|
|
|
|
|
|
2000-04-18 17:47:17 +00:00
|
|
|
isc_result_t
|
|
|
|
|
dns_keytable_finddeepestmatch(dns_keytable_t *keytable, dns_name_t *name,
|
|
|
|
|
dns_name_t *foundname)
|
|
|
|
|
{
|
|
|
|
|
isc_result_t result;
|
|
|
|
|
dns_keynode_t *knode;
|
|
|
|
|
void *data;
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Search for the deepest match in 'keytable'.
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
REQUIRE(VALID_KEYTABLE(keytable));
|
|
|
|
|
REQUIRE(dns_name_isabsolute(name));
|
|
|
|
|
REQUIRE(foundname != NULL);
|
|
|
|
|
|
|
|
|
|
RWLOCK(&keytable->rwlock, isc_rwlocktype_read);
|
|
|
|
|
|
|
|
|
|
knode = NULL;
|
|
|
|
|
data = NULL;
|
2000-04-19 18:27:24 +00:00
|
|
|
result = dns_rbt_findname(keytable->table, name, 0, foundname, &data);
|
2000-04-18 17:47:17 +00:00
|
|
|
|
|
|
|
|
if (result == ISC_R_SUCCESS || result == DNS_R_PARTIALMATCH)
|
|
|
|
|
result = ISC_R_SUCCESS;
|
|
|
|
|
|
|
|
|
|
RWUNLOCK(&keytable->rwlock, isc_rwlocktype_read);
|
|
|
|
|
|
|
|
|
|
return (result);
|
|
|
|
|
}
|
|
|
|
|
|
2000-02-23 23:31:33 +00:00
|
|
|
void
|
|
|
|
|
dns_keytable_detachkeynode(dns_keytable_t *keytable,
|
|
|
|
|
dns_keynode_t **keynodep)
|
|
|
|
|
{
|
|
|
|
|
/*
|
|
|
|
|
* Give back a keynode found via dns_keytable_findkeynode().
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
REQUIRE(VALID_KEYTABLE(keytable));
|
|
|
|
|
REQUIRE(keynodep != NULL && VALID_KEYNODE(*keynodep));
|
|
|
|
|
|
|
|
|
|
LOCK(&keytable->lock);
|
|
|
|
|
INSIST(keytable->active_nodes > 0);
|
|
|
|
|
keytable->active_nodes--;
|
|
|
|
|
UNLOCK(&keytable->lock);
|
|
|
|
|
|
|
|
|
|
*keynodep = NULL;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
isc_result_t
|
|
|
|
|
dns_keytable_issecuredomain(dns_keytable_t *keytable, dns_name_t *name,
|
|
|
|
|
isc_boolean_t *wantdnssecp)
|
|
|
|
|
{
|
|
|
|
|
isc_result_t result;
|
|
|
|
|
void *data;
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Is 'name' at or beneath a trusted key?
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
REQUIRE(VALID_KEYTABLE(keytable));
|
|
|
|
|
REQUIRE(dns_name_isabsolute(name));
|
|
|
|
|
REQUIRE(wantdnssecp != NULL);
|
|
|
|
|
|
|
|
|
|
RWLOCK(&keytable->rwlock, isc_rwlocktype_read);
|
|
|
|
|
|
|
|
|
|
data = NULL;
|
2000-04-19 18:27:24 +00:00
|
|
|
result = dns_rbt_findname(keytable->table, name, 0, NULL, &data);
|
2000-02-23 23:31:33 +00:00
|
|
|
|
|
|
|
|
if (result == ISC_R_SUCCESS || result == DNS_R_PARTIALMATCH) {
|
|
|
|
|
INSIST(data != NULL);
|
|
|
|
|
*wantdnssecp = ISC_TRUE;
|
2000-03-16 23:57:02 +00:00
|
|
|
result = ISC_R_SUCCESS;
|
2000-02-23 23:31:33 +00:00
|
|
|
} else if (result == ISC_R_NOTFOUND) {
|
|
|
|
|
*wantdnssecp = ISC_FALSE;
|
2000-03-16 23:57:02 +00:00
|
|
|
result = ISC_R_SUCCESS;
|
2000-02-23 23:31:33 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
RWUNLOCK(&keytable->rwlock, isc_rwlocktype_read);
|
|
|
|
|
|
|
|
|
|
return (result);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
dst_key_t *
|
|
|
|
|
dns_keynode_key(dns_keynode_t *keynode) {
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Get the DST key associated with keynode.
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
REQUIRE(VALID_KEYNODE(keynode));
|
|
|
|
|
|
|
|
|
|
return (keynode->key);
|
|
|
|
|
}
|
