use ISC_REFCOUNT_IMPL for dns_tsigkey and dns_tsigkeyring
use the ISC_REFCOUNT attach/detach implementation in dns/tsig.c so that detailed tracing can be used during refactoring. dns_tsig_keyring_t has been renamed dns_tsigkeyring_t so the type and the attach/detach function names will match.
@@ -22,7 +22,7 @@ ISC_LANG_BEGINDECLS
|
||||
|
||||
isc_result_t
|
||||
named_tsigkeyring_fromconfig(const cfg_obj_t *config, const cfg_obj_t *vconfig,
|
||||
isc_mem_t *mctx, dns_tsig_keyring_t **ringp);
|
||||
isc_mem_t *mctx, dns_tsigkeyring_t **ringp);
|
||||
/*%<
|
||||
* Create a TSIG key ring and configure it according to the 'key'
|
||||
* statements in the global and view configuration objects.
|
||||
|
@@ -4087,7 +4087,7 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist, cfg_obj_t *config,
|
||||
uint32_t lame_ttl, fail_ttl;
|
||||
uint32_t max_stale_ttl = 0;
|
||||
uint32_t stale_refresh_time = 0;
|
||||
dns_tsig_keyring_t *ring = NULL;
|
||||
dns_tsigkeyring_t *ring = NULL;
|
||||
dns_transport_list_t *transports = NULL;
|
||||
dns_view_t *pview = NULL; /* Production view */
|
||||
dns_dispatch_t *dispatch4 = NULL;
|
||||
|
@@ -31,7 +31,7 @@
|
||||
#include <named/tsigconf.h>
|
||||
|
||||
static isc_result_t
|
||||
add_initial_keys(const cfg_obj_t *list, dns_tsig_keyring_t *ring,
|
||||
add_initial_keys(const cfg_obj_t *list, dns_tsigkeyring_t *ring,
|
||||
isc_mem_t *mctx) {
|
||||
dns_tsigkey_t *tsigkey = NULL;
|
||||
const cfg_listelt_t *element;
|
||||
@@ -136,10 +136,10 @@ failure:
|
||||
|
||||
isc_result_t
|
||||
named_tsigkeyring_fromconfig(const cfg_obj_t *config, const cfg_obj_t *vconfig,
|
||||
isc_mem_t *mctx, dns_tsig_keyring_t **ringp) {
|
||||
isc_mem_t *mctx, dns_tsigkeyring_t **ringp) {
|
||||
const cfg_obj_t *maps[3];
|
||||
const cfg_obj_t *keylist;
|
||||
dns_tsig_keyring_t *ring = NULL;
|
||||
dns_tsigkeyring_t *ring = NULL;
|
||||
isc_result_t result;
|
||||
int i;
|
||||
|
||||
|
@@ -135,7 +135,7 @@ static dns_name_t *userzone = NULL;
|
||||
static dns_name_t *zname = NULL;
|
||||
static dns_name_t tmpzonename = DNS_NAME_INITEMPTY;
|
||||
static dns_name_t restart_primary = DNS_NAME_INITEMPTY;
|
||||
static dns_tsig_keyring_t *gssring = NULL;
|
||||
static dns_tsigkeyring_t *gssring = NULL;
|
||||
static dns_tsigkey_t *tsigkey = NULL;
|
||||
static dst_key_t *sig0key = NULL;
|
||||
static isc_sockaddr_t *servers = NULL;
|
||||
|
@@ -89,8 +89,8 @@ static isc_stdtime_t fuzztime = 0x622acce1;
|
||||
static isc_loopmgr_t *loopmgr = NULL;
|
||||
static dns_view_t *view = NULL;
|
||||
static dns_tsigkey_t *tsigkey = NULL;
|
||||
static dns_tsig_keyring_t *ring = NULL;
|
||||
static dns_tsig_keyring_t *emptyring = NULL;
|
||||
static dns_tsigkeyring_t *ring = NULL;
|
||||
static dns_tsigkeyring_t *emptyring = NULL;
|
||||
static char *wd = NULL;
|
||||
static char template[] = "/tmp/dns-message-checksig-XXXXXX";
|
||||
|
||||
|
@@ -69,7 +69,7 @@ dns_tkeyctx_destroy(dns_tkeyctx_t **tctxp);
|
||||
|
||||
isc_result_t
|
||||
dns_tkey_processquery(dns_message_t *msg, dns_tkeyctx_t *tctx,
|
||||
dns_tsig_keyring_t *ring);
|
||||
dns_tsigkeyring_t *ring);
|
||||
/*%<
|
||||
* Processes a query containing a TKEY record, adding or deleting TSIG
|
||||
* keys if necessary, and modifies the message to contain the response.
|
||||
@@ -113,7 +113,7 @@ dns_tkey_buildgssquery(dns_message_t *msg, const dns_name_t *name,
|
||||
isc_result_t
|
||||
dns_tkey_gssnegotiate(dns_message_t *qmsg, dns_message_t *rmsg,
|
||||
const dns_name_t *server, dns_gss_ctx_id_t *context,
|
||||
dns_tsigkey_t **outkey, dns_tsig_keyring_t *ring,
|
||||
dns_tsigkey_t **outkey, dns_tsigkeyring_t *ring,
|
||||
char **err_message);
|
||||
/*%<
|
||||
* Client side negotiation of GSS-TSIG. Process the response
|
||||
|
@@ -28,6 +28,9 @@
|
||||
|
||||
#include <dst/dst.h>
|
||||
|
||||
/* Define to 1 for detailed reference tracing */
|
||||
#undef DNS_TSIG_TRACE
|
||||
|
||||
/*
|
||||
* Algorithms.
|
||||
*/
|
||||
@@ -51,7 +54,7 @@ extern const dns_name_t *dns_tsig_hmacsha512_name;
|
||||
*/
|
||||
#define DNS_TSIG_FUDGE 300
|
||||
|
||||
struct dns_tsig_keyring {
|
||||
struct dns_tsigkeyring {
|
||||
dns_rbt_t *keys;
|
||||
unsigned int writecount;
|
||||
isc_rwlock_t lock;
|
||||
@@ -68,18 +71,18 @@ struct dns_tsig_keyring {
|
||||
|
||||
struct dns_tsigkey {
|
||||
/* Unlocked */
|
||||
unsigned int magic; /*%< Magic number. */
|
||||
isc_mem_t *mctx;
|
||||
dst_key_t *key; /*%< Key */
|
||||
dns_name_t name; /*%< Key name */
|
||||
const dns_name_t *algorithm; /*%< Algorithm name */
|
||||
dns_name_t *creator; /*%< name that created secret */
|
||||
bool generated : 1; /*%< key was auto-generated */
|
||||
bool restored : 1; /*%< key was restored at startup */
|
||||
isc_stdtime_t inception; /*%< start of validity period */
|
||||
isc_stdtime_t expire; /*%< end of validity period */
|
||||
dns_tsig_keyring_t *ring; /*%< the enclosing keyring */
|
||||
isc_refcount_t refs; /*%< reference counter */
|
||||
unsigned int magic; /*%< Magic number. */
|
||||
isc_mem_t *mctx;
|
||||
dst_key_t *key; /*%< Key */
|
||||
dns_name_t name; /*%< Key name */
|
||||
const dns_name_t *algorithm; /*%< Algorithm name */
|
||||
dns_name_t *creator; /*%< name that created secret */
|
||||
bool generated : 1; /*%< key was auto-generated */
|
||||
bool restored : 1; /*%< key was restored at startup */
|
||||
isc_stdtime_t inception; /*%< start of validity period */
|
||||
isc_stdtime_t expire; /*%< end of validity period */
|
||||
dns_tsigkeyring_t *ring; /*%< the enclosing keyring */
|
||||
isc_refcount_t references; /*%< reference counter */
|
||||
ISC_LINK(dns_tsigkey_t) link;
|
||||
};
|
||||
|
||||
@@ -108,7 +111,7 @@ dns_tsigkey_createfromkey(const dns_name_t *name, const dns_name_t *algorithm,
|
||||
dst_key_t *dstkey, bool generated, bool restored,
|
||||
const dns_name_t *creator, isc_stdtime_t inception,
|
||||
isc_stdtime_t expire, isc_mem_t *mctx,
|
||||
dns_tsig_keyring_t *ring, dns_tsigkey_t **key);
|
||||
dns_tsigkeyring_t *ring, dns_tsigkey_t **key);
|
||||
/*%<
|
||||
* Creates a tsig key structure and saves it in the keyring. If key is
|
||||
* not NULL, *key will contain a copy of the key. The keys validity
|
||||
@@ -141,31 +144,7 @@ dns_tsigkey_createfromkey(const dns_name_t *name, const dns_name_t *algorithm,
|
||||
*/
|
||||
|
||||
void
|
||||
dns_tsigkey_attach(dns_tsigkey_t *source, dns_tsigkey_t **targetp);
|
||||
/*%<
|
||||
* Attach '*targetp' to 'source'.
|
||||
*
|
||||
* Requires:
|
||||
*\li 'key' is a valid TSIG key
|
||||
*
|
||||
* Ensures:
|
||||
*\li *targetp is attached to source.
|
||||
*/
|
||||
|
||||
void
|
||||
dns_tsigkey_detach(dns_tsigkey_t **keyp);
|
||||
/*%<
|
||||
* Detaches from the tsig key structure pointed to by '*key'.
|
||||
*
|
||||
* Requires:
|
||||
*\li 'keyp' is not NULL and '*keyp' is a valid TSIG key
|
||||
*
|
||||
* Ensures:
|
||||
*\li 'keyp' points to NULL
|
||||
*/
|
||||
|
||||
void
|
||||
dns_tsigkey_setdeleted(dns_tsigkey_t *key);
|
||||
dns_tsigkey_delete(dns_tsigkey_t *key);
|
||||
/*%<
|
||||
* Prevents this key from being used again. It will be deleted when
|
||||
* no references exist.
|
||||
@@ -194,7 +173,7 @@ dns_tsig_sign(dns_message_t *msg);
|
||||
|
||||
isc_result_t
|
||||
dns_tsig_verify(isc_buffer_t *source, dns_message_t *msg,
|
||||
dns_tsig_keyring_t *ring1, dns_tsig_keyring_t *ring2);
|
||||
dns_tsigkeyring_t *ring1, dns_tsigkeyring_t *ring2);
|
||||
/*%<
|
||||
* Verifies the TSIG record in this message
|
||||
*
|
||||
@@ -223,7 +202,7 @@ dns_tsig_verify(isc_buffer_t *source, dns_message_t *msg,
|
||||
|
||||
isc_result_t
|
||||
dns_tsigkey_find(dns_tsigkey_t **tsigkey, const dns_name_t *name,
|
||||
const dns_name_t *algorithm, dns_tsig_keyring_t *ring);
|
||||
const dns_name_t *algorithm, dns_tsigkeyring_t *ring);
|
||||
/*%<
|
||||
* Returns the TSIG key corresponding to this name and (possibly)
|
||||
* algorithm. Also increments the key's reference counter.
|
||||
@@ -241,7 +220,7 @@ dns_tsigkey_find(dns_tsigkey_t **tsigkey, const dns_name_t *name,
|
||||
*/
|
||||
|
||||
isc_result_t
|
||||
dns_tsigkeyring_create(isc_mem_t *mctx, dns_tsig_keyring_t **ringp);
|
||||
dns_tsigkeyring_create(isc_mem_t *mctx, dns_tsigkeyring_t **ringp);
|
||||
/*%<
|
||||
* Create an empty TSIG key ring.
|
||||
*
|
||||
@@ -255,7 +234,7 @@ dns_tsigkeyring_create(isc_mem_t *mctx, dns_tsig_keyring_t **ringp);
|
||||
*/
|
||||
|
||||
isc_result_t
|
||||
dns_tsigkeyring_add(dns_tsig_keyring_t *ring, const dns_name_t *name,
|
||||
dns_tsigkeyring_add(dns_tsigkeyring_t *ring, const dns_name_t *name,
|
||||
dns_tsigkey_t *tkey);
|
||||
/*%<
|
||||
* Place a TSIG key onto a key ring.
|
||||
@@ -270,14 +249,8 @@ dns_tsigkeyring_add(dns_tsig_keyring_t *ring, const dns_name_t *name,
|
||||
*\li Any other value indicates failure.
|
||||
*/
|
||||
|
||||
void
|
||||
dns_tsigkeyring_attach(dns_tsig_keyring_t *source, dns_tsig_keyring_t **target);
|
||||
|
||||
void
|
||||
dns_tsigkeyring_detach(dns_tsig_keyring_t **ringp);
|
||||
|
||||
isc_result_t
|
||||
dns_tsigkeyring_dumpanddetach(dns_tsig_keyring_t **ringp, FILE *fp);
|
||||
dns_tsigkeyring_dumpanddetach(dns_tsigkeyring_t **ringp, FILE *fp);
|
||||
|
||||
/*%<
|
||||
* Destroy a TSIG key ring.
|
||||
@@ -287,6 +260,33 @@ dns_tsigkeyring_dumpanddetach(dns_tsig_keyring_t **ringp, FILE *fp);
|
||||
*/
|
||||
|
||||
void
|
||||
dns_tsigkeyring_restore(dns_tsig_keyring_t *ring, FILE *fp);
|
||||
dns_tsigkeyring_restore(dns_tsigkeyring_t *ring, FILE *fp);
|
||||
/*%<
|
||||
* Restore a TSIG keyring from a dump file 'fp'.
|
||||
*/
|
||||
|
||||
#if DNS_TSIG_TRACE
|
||||
#define dns_tsigkey_ref(ptr) dns_tsigkey__ref(ptr, __func__, __FILE__, __LINE__)
|
||||
#define dns_tsigkey_unref(ptr) \
|
||||
dns_tsigkey__unref(ptr, __func__, __FILE__, __LINE__)
|
||||
#define dns_tsigkey_attach(ptr, ptrp) \
|
||||
dns_tsigkey__attach(ptr, ptrp, __func__, __FILE__, __LINE__)
|
||||
#define dns_tsigkey_detach(ptrp) \
|
||||
dns_tsigkey__detach(ptrp, __func__, __FILE__, __LINE__)
|
||||
ISC_REFCOUNT_TRACE_DECL(dns_tsigkey);
|
||||
|
||||
#define dns_tsigkeyring_ref(ptr) \
|
||||
dns_tsigkeyring__ref(ptr, __func__, __FILE__, __LINE__)
|
||||
#define dns_tsigkeyring_unref(ptr) \
|
||||
dns_tsigkeyring__unref(ptr, __func__, __FILE__, __LINE__)
|
||||
#define dns_tsigkeyring_attach(ptr, ptrp) \
|
||||
dns_tsigkeyring__attach(ptr, ptrp, __func__, __FILE__, __LINE__)
|
||||
#define dns_tsigkeyring_detach(ptrp) \
|
||||
dns_tsigkeyring__detach(ptrp, __func__, __FILE__, __LINE__)
|
||||
ISC_REFCOUNT_TRACE_DECL(dns_tsigkeyring);
|
||||
#else
|
||||
ISC_REFCOUNT_DECL(dns_tsigkey);
|
||||
ISC_REFCOUNT_DECL(dns_tsigkeyring);
|
||||
#endif
|
||||
|
||||
ISC_LANG_ENDDECLS
|
||||
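Review bot: The `ISC_REFCOUNT_DECL(dns_tsigkey);` and `ISC_REFCOUNT_DECL(dns_tsigkeyring);` lines at the end of this header replace the documented `dns_tsigkey_attach()` / `dns_tsigkey_detach()` prototypes, so the Requires/Ensures contract that used to be spelled out here (valid TSIG key on entry, `*keyp` set to NULL on detach) is no longer written anywhere in the file. These objects hold the key material that authenticates DNS messages, and callers need to know the lifetime rules without expanding a macro. I would add a short comment directly above the declarations, for example `/*%< Reference counting for dns_tsigkey_t and dns_tsigkeyring_t; the ref/unref/attach/detach functions are generated by ISC_REFCOUNT_DECL. */`, followed by the preconditions that still hold. The comment on `#undef DNS_TSIG_TRACE` could also say that the trace variants record `__func__`, `__FILE__` and `__LINE__` for each call, as the macros below it show.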
|
@@ -147,7 +147,7 @@ typedef struct dns_tkeyctx dns_tkeyctx_t;
|
||||
typedef struct dns_transport dns_transport_t;
|
||||
typedef struct dns_transport_list dns_transport_list_t;
|
||||
typedef uint16_t dns_trust_t;
|
||||
typedef struct dns_tsig_keyring dns_tsig_keyring_t;
|
||||
typedef struct dns_tsigkeyring dns_tsigkeyring_t;
|
||||
typedef struct dns_tsigkey dns_tsigkey_t;
|
||||
typedef uint32_t dns_ttl_t;
|
||||
typedef struct dns_update_state dns_update_state_t;
|
||||
|
@@ -108,8 +108,8 @@ struct dns_view {
|
||||
|
||||
/* Configurable data. */
|
||||
dns_transport_list_t *transports;
|
||||
dns_tsig_keyring_t *statickeys;
|
||||
dns_tsig_keyring_t *dynamickeys;
|
||||
dns_tsigkeyring_t *statickeys;
|
||||
dns_tsigkeyring_t *dynamickeys;
|
||||
dns_peerlist_t *peers;
|
||||
dns_order_t *order;
|
||||
dns_fwdtable_t *fwdtable;
|
||||
@@ -433,9 +433,9 @@ void
|
||||
dns_view_settransports(dns_view_t *view, dns_transport_list_t *list);
|
||||
|
||||
void
|
||||
dns_view_setkeyring(dns_view_t *view, dns_tsig_keyring_t *ring);
|
||||
dns_view_setkeyring(dns_view_t *view, dns_tsigkeyring_t *ring);
|
||||
void
|
||||
dns_view_setdynamickeyring(dns_view_t *view, dns_tsig_keyring_t *ring);
|
||||
dns_view_setdynamickeyring(dns_view_t *view, dns_tsigkeyring_t *ring);
|
||||
/*%<
|
||||
* Set the view's static TSIG keys
|
||||
*
|
||||
@@ -452,7 +452,7 @@ dns_view_setdynamickeyring(dns_view_t *view, dns_tsig_keyring_t *ring);
|
||||
*/
|
||||
|
||||
void
|
||||
dns_view_getdynamickeyring(dns_view_t *view, dns_tsig_keyring_t **ringp);
|
||||
dns_view_getdynamickeyring(dns_view_t *view, dns_tsigkeyring_t **ringp);
|
||||
/*%<
|
||||
* Return the views dynamic keys.
|
||||
*
|
||||
|
@@ -174,7 +174,7 @@ free_namelist(dns_message_t *msg, dns_namelist_t *namelist) {
|
||||
static isc_result_t
|
||||
process_gsstkey(dns_message_t *msg, dns_name_t *name, dns_rdata_tkey_t *tkeyin,
|
||||
dns_tkeyctx_t *tctx, dns_rdata_tkey_t *tkeyout,
|
||||
dns_tsig_keyring_t *ring) {
|
||||
dns_tsigkeyring_t *ring) {
|
||||
isc_result_t result = ISC_R_SUCCESS;
|
||||
dst_key_t *dstkey = NULL;
|
||||
dns_tsigkey_t *tsigkey = NULL;
|
||||
@@ -327,7 +327,7 @@ failure:
|
||||
static isc_result_t
|
||||
process_deletetkey(dns_name_t *signer, dns_name_t *name,
|
||||
dns_rdata_tkey_t *tkeyin, dns_rdata_tkey_t *tkeyout,
|
||||
dns_tsig_keyring_t *ring) {
|
||||
dns_tsigkeyring_t *ring) {
|
||||
isc_result_t result;
|
||||
dns_tsigkey_t *tsigkey = NULL;
|
||||
const dns_name_t *identity;
|
||||
@@ -353,7 +353,7 @@ process_deletetkey(dns_name_t *signer, dns_name_t *name,
|
||||
* was not generated with TKEY and is in the config file, it may be
|
||||
* reloaded later.
|
||||
*/
|
||||
dns_tsigkey_setdeleted(tsigkey);
|
||||
dns_tsigkey_delete(tsigkey);
|
||||
|
||||
/* Release the reference */
|
||||
dns_tsigkey_detach(&tsigkey);
|
||||
@@ -363,7 +363,7 @@ process_deletetkey(dns_name_t *signer, dns_name_t *name,
|
||||
|
||||
isc_result_t
|
||||
dns_tkey_processquery(dns_message_t *msg, dns_tkeyctx_t *tctx,
|
||||
dns_tsig_keyring_t *ring) {
|
||||
dns_tsigkeyring_t *ring) {
|
||||
isc_result_t result = ISC_R_SUCCESS;
|
||||
dns_rdata_tkey_t tkeyin, tkeyout;
|
||||
bool freetkeyin = false;
|
||||
@@ -729,7 +729,7 @@ find_tkey(dns_message_t *msg, dns_name_t **name, dns_rdata_t *rdata,
|
||||
isc_result_t
|
||||
dns_tkey_gssnegotiate(dns_message_t *qmsg, dns_message_t *rmsg,
|
||||
const dns_name_t *server, dns_gss_ctx_id_t *context,
|
||||
dns_tsigkey_t **outkey, dns_tsig_keyring_t *ring,
|
||||
dns_tsigkey_t **outkey, dns_tsigkeyring_t *ring,
|
||||
char **err_message) {
|
||||
dns_rdata_t rtkeyrdata = DNS_RDATA_INIT, qtkeyrdata = DNS_RDATA_INIT;
|
||||
dns_name_t *tkeyname;
|
||||
|
111
lib/dns/tsig.c
111
lib/dns/tsig.c
@@ -112,9 +112,7 @@ tsig_log(dns_tsigkey_t *key, int level, const char *fmt, ...)
|
||||
ISC_FORMAT_PRINTF(3, 4);
|
||||
|
||||
static void
|
||||
cleanup_ring(dns_tsig_keyring_t *ring);
|
||||
static void
|
||||
tsigkey_free(dns_tsigkey_t *key);
|
||||
cleanup_ring(dns_tsigkeyring_t *ring);
|
||||
|
||||
bool
|
||||
dns__tsig_algvalid(unsigned int alg) {
|
||||
@@ -194,7 +192,7 @@ adjust_lru(dns_tsigkey_t *tkey) {
|
||||
* counter: it's protected by a separate lock.
|
||||
*/
|
||||
static isc_result_t
|
||||
keyring_add(dns_tsig_keyring_t *ring, const dns_name_t *name,
|
||||
keyring_add(dns_tsigkeyring_t *ring, const dns_name_t *name,
|
||||
dns_tsigkey_t *tkey) {
|
||||
isc_result_t result;
|
||||
|
||||
@@ -237,7 +235,7 @@ dns_tsigkey_createfromkey(const dns_name_t *name, const dns_name_t *algorithm,
|
||||
dst_key_t *dstkey, bool generated, bool restored,
|
||||
const dns_name_t *creator, isc_stdtime_t inception,
|
||||
isc_stdtime_t expire, isc_mem_t *mctx,
|
||||
dns_tsig_keyring_t *ring, dns_tsigkey_t **key) {
|
||||
dns_tsigkeyring_t *ring, dns_tsigkey_t **key) {
|
||||
dns_tsigkey_t *tkey = NULL;
|
||||
isc_result_t ret;
|
||||
unsigned int refs = 0;
|
||||
@@ -305,7 +303,7 @@ dns_tsigkey_createfromkey(const dns_name_t *name, const dns_name_t *algorithm,
|
||||
refs++;
|
||||
}
|
||||
|
||||
isc_refcount_init(&tkey->refs, refs);
|
||||
isc_refcount_init(&tkey->references, refs);
|
||||
isc_mem_attach(mctx, &tkey->mctx);
|
||||
|
||||
tkey->magic = TSIG_MAGIC;
|
||||
@@ -348,9 +346,9 @@ dns_tsigkey_createfromkey(const dns_name_t *name, const dns_name_t *algorithm,
|
||||
cleanup_refs:
|
||||
tkey->magic = 0;
|
||||
while (refs-- > 0) {
|
||||
isc_refcount_decrement0(&tkey->refs);
|
||||
isc_refcount_decrement0(&tkey->references);
|
||||
}
|
||||
isc_refcount_destroy(&tkey->refs);
|
||||
isc_refcount_destroy(&tkey->references);
|
||||
|
||||
if (tkey->key != NULL) {
|
||||
dst_key_free(&tkey->key);
|
||||
@@ -377,7 +375,7 @@ cleanup_name:
|
||||
* Find a few nodes to destroy if possible.
|
||||
*/
|
||||
static void
|
||||
cleanup_ring(dns_tsig_keyring_t *ring) {
|
||||
cleanup_ring(dns_tsigkeyring_t *ring) {
|
||||
isc_result_t result;
|
||||
dns_rbtnodechain_t chain;
|
||||
dns_name_t foundname;
|
||||
@@ -407,7 +405,7 @@ again:
|
||||
tkey = node->data;
|
||||
if (tkey != NULL) {
|
||||
if (tkey->generated &&
|
||||
isc_refcount_current(&tkey->refs) == 1 &&
|
||||
isc_refcount_current(&tkey->references) == 1 &&
|
||||
tkey->inception != tkey->expire &&
|
||||
tkey->expire < now)
|
||||
{
|
||||
@@ -427,13 +425,19 @@ again:
|
||||
}
|
||||
|
||||
static void
|
||||
destroyring(dns_tsig_keyring_t *ring) {
|
||||
destroyring(dns_tsigkeyring_t *ring) {
|
||||
isc_refcount_destroy(&ring->references);
|
||||
dns_rbt_destroy(&ring->keys);
|
||||
isc_rwlock_destroy(&ring->lock);
|
||||
isc_mem_putanddetach(&ring->mctx, ring, sizeof(dns_tsig_keyring_t));
|
||||
isc_mem_putanddetach(&ring->mctx, ring, sizeof(dns_tsigkeyring_t));
|
||||
}
|
||||
|
||||
#if DNS_TSIG_TRACE
|
||||
ISC_REFCOUNT_TRACE_IMPL(dns_tsigkeyring, destroyring);
|
||||
#else
|
||||
ISC_REFCOUNT_IMPL(dns_tsigkeyring, destroyring);
|
||||
#endif
|
||||
|
||||
/*
|
||||
* Look up the DST_ALG_ constant for a given name.
|
||||
*/
|
||||
@@ -489,7 +493,7 @@ dns__tsig_algallocated(const dns_name_t *algorithm) {
|
||||
}
|
||||
|
||||
static isc_result_t
|
||||
restore_key(dns_tsig_keyring_t *ring, isc_stdtime_t now, FILE *fp) {
|
||||
restore_key(dns_tsigkeyring_t *ring, isc_stdtime_t now, FILE *fp) {
|
||||
dst_key_t *dstkey = NULL;
|
||||
char namestr[1024];
|
||||
char creatorstr[1024];
|
||||
@@ -588,14 +592,14 @@ dump_key(dns_tsigkey_t *tkey, FILE *fp) {
|
||||
}
|
||||
|
||||
isc_result_t
|
||||
dns_tsigkeyring_dumpanddetach(dns_tsig_keyring_t **ringp, FILE *fp) {
|
||||
dns_tsigkeyring_dumpanddetach(dns_tsigkeyring_t **ringp, FILE *fp) {
|
||||
isc_result_t result;
|
||||
dns_rbtnodechain_t chain;
|
||||
dns_name_t foundname;
|
||||
dns_fixedname_t fixedorigin;
|
||||
dns_name_t *origin = NULL;
|
||||
isc_stdtime_t now = isc_stdtime_now();
|
||||
dns_tsig_keyring_t *ring = NULL;
|
||||
dns_tsigkeyring_t *ring = NULL;
|
||||
|
||||
REQUIRE(ringp != NULL && *ringp != NULL);
|
||||
|
||||
@@ -693,17 +697,8 @@ dns_tsigkey_create(const dns_name_t *name, const dns_name_t *algorithm,
|
||||
return (result);
|
||||
}
|
||||
|
||||
void
|
||||
dns_tsigkey_attach(dns_tsigkey_t *source, dns_tsigkey_t **targetp) {
|
||||
REQUIRE(VALID_TSIG_KEY(source));
|
||||
REQUIRE(targetp != NULL && *targetp == NULL);
|
||||
|
||||
isc_refcount_increment(&source->refs);
|
||||
*targetp = source;
|
||||
}
|
||||
|
||||
static void
|
||||
tsigkey_free(dns_tsigkey_t *key) {
|
||||
destroy_tsigkey(dns_tsigkey_t *key) {
|
||||
REQUIRE(VALID_TSIG_KEY(key));
|
||||
|
||||
key->magic = 0;
|
||||
@@ -723,20 +718,14 @@ tsigkey_free(dns_tsigkey_t *key) {
|
||||
isc_mem_putanddetach(&key->mctx, key, sizeof(dns_tsigkey_t));
|
||||
}
|
||||
|
||||
void
|
||||
dns_tsigkey_detach(dns_tsigkey_t **keyp) {
|
||||
REQUIRE(keyp != NULL && VALID_TSIG_KEY(*keyp));
|
||||
dns_tsigkey_t *key = *keyp;
|
||||
*keyp = NULL;
|
||||
|
||||
if (isc_refcount_decrement(&key->refs) == 1) {
|
||||
isc_refcount_destroy(&key->refs);
|
||||
tsigkey_free(key);
|
||||
}
|
||||
}
|
||||
#if DNS_TSIG_TRACE
|
||||
ISC_REFCOUNT_TRACE_IMPL(dns_tsigkey, destroy_tsigkey);
|
||||
#else
|
||||
ISC_REFCOUNT_IMPL(dns_tsigkey, destroy_tsigkey);
|
||||
#endif
|
||||
|
||||
void
|
||||
dns_tsigkey_setdeleted(dns_tsigkey_t *key) {
|
||||
dns_tsigkey_delete(dns_tsigkey_t *key) {
|
||||
REQUIRE(VALID_TSIG_KEY(key));
|
||||
REQUIRE(key->ring != NULL);
|
||||
|
||||
@@ -1045,7 +1034,7 @@ cleanup_context:
|
||||
|
||||
isc_result_t
|
||||
dns_tsig_verify(isc_buffer_t *source, dns_message_t *msg,
|
||||
dns_tsig_keyring_t *ring1, dns_tsig_keyring_t *ring2) {
|
||||
dns_tsigkeyring_t *ring1, dns_tsigkeyring_t *ring2) {
|
||||
dns_rdata_any_tsig_t tsig, querytsig;
|
||||
isc_region_t r, source_r, header_r, sig_r;
|
||||
isc_buffer_t databuf;
|
||||
@@ -1722,7 +1711,7 @@ cleanup_querystruct:
|
||||
|
||||
isc_result_t
|
||||
dns_tsigkey_find(dns_tsigkey_t **tsigkey, const dns_name_t *name,
|
||||
const dns_name_t *algorithm, dns_tsig_keyring_t *ring) {
|
||||
const dns_name_t *algorithm, dns_tsigkeyring_t *ring) {
|
||||
dns_tsigkey_t *key = NULL;
|
||||
isc_stdtime_t now = isc_stdtime_now();
|
||||
isc_result_t result;
|
||||
@@ -1756,7 +1745,7 @@ dns_tsigkey_find(dns_tsigkey_t **tsigkey, const dns_name_t *name,
|
||||
RWUNLOCK(&ring->lock, isc_rwlocktype_write);
|
||||
return (ISC_R_NOTFOUND);
|
||||
}
|
||||
isc_refcount_increment(&key->refs);
|
||||
isc_refcount_increment(&key->references);
|
||||
RWUNLOCK(&ring->lock, isc_rwlocktype_read);
|
||||
adjust_lru(key);
|
||||
*tsigkey = key;
|
||||
@@ -1778,16 +1767,16 @@ free_tsignode(void *node, void *arg ISC_ATTR_UNUSED) {
|
||||
}
|
||||
|
||||
isc_result_t
|
||||
dns_tsigkeyring_create(isc_mem_t *mctx, dns_tsig_keyring_t **ringp) {
|
||||
dns_tsigkeyring_create(isc_mem_t *mctx, dns_tsigkeyring_t **ringp) {
|
||||
isc_result_t result;
|
||||
dns_tsig_keyring_t *ring = NULL;
|
||||
dns_tsigkeyring_t *ring = NULL;
|
||||
|
||||
REQUIRE(mctx != NULL);
|
||||
REQUIRE(ringp != NULL);
|
||||
REQUIRE(*ringp == NULL);
|
||||
|
||||
ring = isc_mem_get(mctx, sizeof(dns_tsig_keyring_t));
|
||||
*ring = (dns_tsig_keyring_t){
|
||||
ring = isc_mem_get(mctx, sizeof(dns_tsigkeyring_t));
|
||||
*ring = (dns_tsigkeyring_t){
|
||||
.maxgenerated = DNS_TSIG_MAXGENERATEDKEYS,
|
||||
.lru = ISC_LIST_INITIALIZER,
|
||||
};
|
||||
@@ -1795,7 +1784,7 @@ dns_tsigkeyring_create(isc_mem_t *mctx, dns_tsig_keyring_t **ringp) {
|
||||
result = dns_rbt_create(mctx, free_tsignode, NULL, &ring->keys);
|
||||
if (result != ISC_R_SUCCESS) {
|
||||
isc_rwlock_destroy(&ring->lock);
|
||||
isc_mem_put(mctx, ring, sizeof(dns_tsig_keyring_t));
|
||||
isc_mem_put(mctx, ring, sizeof(dns_tsigkeyring_t));
|
||||
return (result);
|
||||
}
|
||||
|
||||
@@ -1808,7 +1797,7 @@ dns_tsigkeyring_create(isc_mem_t *mctx, dns_tsig_keyring_t **ringp) {
|
||||
}
|
||||
|
||||
isc_result_t
|
||||
dns_tsigkeyring_add(dns_tsig_keyring_t *ring, const dns_name_t *name,
|
||||
dns_tsigkeyring_add(dns_tsigkeyring_t *ring, const dns_name_t *name,
|
||||
dns_tsigkey_t *tkey) {
|
||||
isc_result_t result;
|
||||
|
||||
@@ -1818,40 +1807,14 @@ dns_tsigkeyring_add(dns_tsig_keyring_t *ring, const dns_name_t *name,
|
||||
|
||||
result = keyring_add(ring, name, tkey);
|
||||
if (result == ISC_R_SUCCESS) {
|
||||
isc_refcount_increment(&tkey->refs);
|
||||
isc_refcount_increment(&tkey->references);
|
||||
}
|
||||
|
||||
return (result);
|
||||
}
|
||||
|
||||
void
|
||||
dns_tsigkeyring_attach(dns_tsig_keyring_t *source,
|
||||
dns_tsig_keyring_t **target) {
|
||||
REQUIRE(source != NULL);
|
||||
REQUIRE(target != NULL && *target == NULL);
|
||||
|
||||
isc_refcount_increment(&source->references);
|
||||
|
||||
*target = source;
|
||||
}
|
||||
|
||||
void
|
||||
dns_tsigkeyring_detach(dns_tsig_keyring_t **ringp) {
|
||||
dns_tsig_keyring_t *ring = NULL;
|
||||
|
||||
REQUIRE(ringp != NULL);
|
||||
REQUIRE(*ringp != NULL);
|
||||
|
||||
ring = *ringp;
|
||||
*ringp = NULL;
|
||||
|
||||
if (isc_refcount_decrement(&ring->references) == 1) {
|
||||
destroyring(ring);
|
||||
}
|
||||
}
|
||||
|
||||
void
|
||||
dns_tsigkeyring_restore(dns_tsig_keyring_t *ring, FILE *fp) {
|
||||
dns_tsigkeyring_restore(dns_tsigkeyring_t *ring, FILE *fp) {
|
||||
isc_stdtime_t now = isc_stdtime_now();
|
||||
isc_result_t result;
|
||||
|
||||
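Review bot: `dns_tsigkey_find()` and `dns_tsigkeyring_add()` still take their reference with a bare `isc_refcount_increment(&key->references);` / `isc_refcount_increment(&tkey->references);`. With DNS_TSIG_TRACE defined, those acquisitions will presumably not appear in the trace, while the matching `dns_tsigkey_detach()` calls will. That leaves the trace unbalanced on the lookup path, where a leaked or over-released key reference matters most, and works against the stated purpose of the commit. Routing both through the generated helper the header names, `dns_tsigkey_ref(key);` and `dns_tsigkey_ref(tkey);`, would keep every acquisition visible. Separately, the removed `dns_tsigkey_attach()` and `dns_tsigkey_detach()` asserted `VALID_TSIG_KEY()` on every call, whereas the new code shows that check only in `destroy_tsigkey()`; unless ISC_REFCOUNT_IMPL validates the object itself (not visible here), a stale key pointer is now caught only at final release. Both function bodies extend outside their hunks.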
|
@@ -692,7 +692,7 @@ dns_view_settransports(dns_view_t *view, dns_transport_list_t *list) {
|
||||
}
|
||||
|
||||
void
|
||||
dns_view_setkeyring(dns_view_t *view, dns_tsig_keyring_t *ring) {
|
||||
dns_view_setkeyring(dns_view_t *view, dns_tsigkeyring_t *ring) {
|
||||
REQUIRE(DNS_VIEW_VALID(view));
|
||||
REQUIRE(ring != NULL);
|
||||
if (view->statickeys != NULL) {
|
||||
@@ -702,7 +702,7 @@ dns_view_setkeyring(dns_view_t *view, dns_tsig_keyring_t *ring) {
|
||||
}
|
||||
|
||||
void
|
||||
dns_view_setdynamickeyring(dns_view_t *view, dns_tsig_keyring_t *ring) {
|
||||
dns_view_setdynamickeyring(dns_view_t *view, dns_tsigkeyring_t *ring) {
|
||||
REQUIRE(DNS_VIEW_VALID(view));
|
||||
REQUIRE(ring != NULL);
|
||||
if (view->dynamickeys != NULL) {
|
||||
@@ -712,7 +712,7 @@ dns_view_setdynamickeyring(dns_view_t *view, dns_tsig_keyring_t *ring) {
|
||||
}
|
||||
|
||||
void
|
||||
dns_view_getdynamickeyring(dns_view_t *view, dns_tsig_keyring_t **ringp) {
|
||||
dns_view_getdynamickeyring(dns_view_t *view, dns_tsigkeyring_t **ringp) {
|
||||
REQUIRE(DNS_VIEW_VALID(view));
|
||||
REQUIRE(ringp != NULL && *ringp == NULL);
|
||||
if (view->dynamickeys != NULL) {
|
||||
|
@@ -271,7 +271,7 @@ ISC_RUN_TEST_IMPL(tsig_tcp) {
|
||||
dns_fixedname_t fkeyname;
|
||||
dns_message_t *msg = NULL;
|
||||
dns_name_t *keyname;
|
||||
dns_tsig_keyring_t *ring = NULL;
|
||||
dns_tsigkeyring_t *ring = NULL;
|
||||
dns_tsigkey_t *key = NULL;
|
||||
isc_buffer_t *buf = NULL;
|
||||
isc_buffer_t *querytsig = NULL;
|
||||
|