add keytable, validator

lib/dns/Makefile.in

@@ -117,14 +117,14 @@ DNSSAFEOBJS =	sec/dnssafe/ahchdig.@O@ sec/dnssafe/ahchencr.@O@ \
 OBJS =		a6.@O@ acl.@O@ aclconf.@O@ adb.@O@ byaddr.@O@ \
 		cache.@O@ callbacks.@O@ compress.@O@ \
 		db.@O@ dbiterator.@O@ dbtable.@O@ dispatch.@O@ dnssec.@O@ \
-		journal.@O@ lib.@O@ log.@O@ \
+		journal.@O@ keytable.@O@ lib.@O@ log.@O@ \
 		master.@O@ masterdump.@O@ message.@O@ \
 		name.@O@ ncache.@O@ nxt.@O@ \
 		rbt.@O@ rbtdb.@O@ rbtdb64.@O@ rdata.@O@ rdatalist.@O@ \
 		rdataset.@O@ rdatasetiter.@O@ rdataslab.@O@ resolver.@O@ \
 		result.@O@ rootns.@O@ ssu.@O@ \
 		tcpmsg.@O@ time.@O@ tkey.@O@ tkeyconf.@O@ \
-		tsig.@O@ tsigconf.@O@ ttl.@O@ \
+		tsig.@O@ tsigconf.@O@ ttl.@O@ validator.@O@ \
 		version.@O@ view.@O@ xfrin.@O@ zone.@O@ zoneconf.@O@ zt.@O@ \
 		${DSTOBJS} ${OPENSSLOBJS} ${DNSSAFEOBJS} ${CONFOBJS}
 
@@ -132,14 +132,14 @@ OBJS =		a6.@O@ acl.@O@ aclconf.@O@ adb.@O@ byaddr.@O@ \
 SRCS =		a6.c acl.c aclconf.c adb.c byaddr.c \
 		cache.c callbacks.c compress.c \
 		db.c dbiterator.c dbtable.c dispatch.c dnssec.c \
-		journal.c lib.c log.c \
+		journal.c keytable.c lib.c log.c \
 		master.c masterdump.c message.c \
 		name.c ncache.c nxt.c \
 		rbt.c rbtdb.c rbtdb64.c rdata.c rdatalist.c \
 		rdataset.c rdatasetiter.c rdataslab.c resolver.c \
 		result.c rootns.c ssu.c \
 		tcpmsg.c time.c tkey.c tkeyconf.c \
-		tsig.c tsigconf.c ttl.c \
+		tsig.c tsigconf.c ttl.c validator.c \
 		version.c view.c xfrin.c zone.c zoneconf.c zt.c
 
 SUBDIRS =	include sec config

lib/dns/include/dns/Makefile.in

@@ -26,9 +26,9 @@ HEADERS =	a6.h acl.h aclconf.h adb.h byaddr.h cache.h callbacks.h \
 		confresolv.h confrrset.h confserv.h confview.h confzone.h \
 		db.h dbiterator.h dbtable.h dispatch.h \
 		dnssec.h events.h fixedname.h journal.h keyflags.h \
-		keyvalues.h lib.h log.h master.h masterdump.h message.h \
-		name.h namedconf.h ncache.h nxt.h rbt.h rcode.h rdata.h \
-		rdataclass.h rdatalist.h rdataset.h rdatasetiter.h \
+		keytable.h keyvalues.h lib.h log.h master.h masterdump.h \
+		message.h name.h namedconf.h ncache.h nxt.h rbt.h rcode.h \
+		rdata.h rdataclass.h rdatalist.h rdataset.h rdatasetiter.h \
 		rdataslab.h rdatatype.h request.h resolver.h result.h \
 		rootns.h secalg.h secproto.h ssu.h tcpmsg.h time.h tkey.h \
 		tkeyconf.h tsig.h ttl.h types.h validator.h view.h xfrin.h \

lib/dns/include/dns/keytable.h

@@ -0,0 +1,211 @@
+/*
+ * Copyright (C) 2000  Internet Software Consortium.
+ * 
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ * 
+ * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
+ * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
+ * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
+ * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
+ * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
+ * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+ * SOFTWARE.
+ */
+
+#ifndef DNS_KEYTABLE_H
+#define DNS_KEYTABLE_H 1
+
+/*****
+ ***** Module Info
+ *****/
+
+/*
+ * Key Tables
+ *
+ * The keytable module provides services for storing and retrieving DNSSEC
+ * trusted keys, as well as the ability to find the deepest matching key
+ * for a given domain name.
+ *
+ * MP:
+ *	The module ensures appropriate synchronization of data structures it
+ *	creates and manipulates.
+ *
+ * Resources:
+ *	<TBS>
+ *
+ * Security:
+ *	No anticipated impact.
+ */
+
+#include <isc/types.h>
+#include <isc/lang.h>
+#include <isc/result.h>
+
+#include <dns/types.h>
+#include <dns/result.h>
+
+#include <dst/dst.h>
+
+ISC_LANG_BEGINDECLS
+
+isc_result_t
+dns_keytable_create(isc_mem_t *mctx, dns_keytable_t **keytablep);
+/*
+ * Create a keytable.
+ *
+ * Requires:
+ *
+ *	'mctx' is a valid memory context.
+ *
+ *	keytablep != NULL && *keytablep == NULL
+ *
+ * Ensures:
+ *
+ *	On success, *keytablep is a valid, empty key table.
+ *
+ * Returns:
+ *
+ *	ISC_R_SUCCESS
+ *
+ *	Any other result indicates failure.
+ */
+
+
+void
+dns_keytable_attach(dns_keytable_t *source, dns_keytable_t **targetp);
+/*
+ * Attach *targetp to source.
+ *
+ * Requires:
+ *
+ *	'source' is a valid keytable.
+ *
+ *	'targetp' points to a NULL dns_keytable_t *.
+ *
+ * Ensures:
+ *
+ *	*targetp is attached to source.
+ */
+
+void
+dns_keytable_detach(dns_keytable_t **keytablep);
+/*
+ * Detach *keytablep from its keytable.
+ *
+ * Requires:
+ *
+ *	'keytablep' points to a valid keytable.
+ *
+ * Ensures:
+ *
+ *	*keytablep is NULL.
+ *
+ *	If '*keytablep' is the last reference to the keytable,
+ *
+ *		All resources used by the keytable will be freed
+ */
+
+isc_result_t
+dns_keytable_add(dns_keytable_t *keytable, dst_key_t **keyp);
+/*
+ * Add '*keyp' to 'keytable'.
+ *
+ * Notes:
+ *
+ *	Ownership of *keyp is transferred to the keytable.
+ *
+ * Requires:
+ *
+ *	keyp != NULL && *keyp is a valid dst_key_t *.
+ *
+ * Ensures:
+ *
+ *	On success, *keyp == NULL
+ *
+ * Returns:
+ *
+ *	ISC_R_SUCCESS
+ *
+ *	Any other result indicates failure.
+ */
+
+isc_result_t
+dns_keytable_findkeynode(dns_keytable_t *keytable, dns_name_t *name,
+			 dns_secalg_t algorithm, dns_keytag_t tag,
+			 dns_keynode_t **keynodep);
+/*
+ * Search for a key named 'name', matching 'algorithm' and 'tag' in
+ * 'keytable'.
+ *
+ * Requires:
+ *
+ *	'keytable' is a valid keytable.
+ *
+ *	'name' is a valid absolute name.
+ *
+ *	keynodep != NULL && *keynodep == NULL
+ *
+ * Returns:
+ *
+ *	ISC_R_SUCCESS
+ *	ISC_R_NOTFOUND
+ *
+ *	Any other result indicates an error.
+ */
+
+void
+dns_keytable_detachkeynode(dns_keytable_t *keytable,
+			   dns_keynode_t **keynodep);
+/*
+ * Give back a keynode found via dns_keytable_findkeynode().
+ *
+ * Requires:
+ *
+ *	'keytable' is a valid keytable.
+ *
+ *	*keynodep is a valid keynode returned by a call to
+ *	dns_keytable_findkeynode().
+ *
+ * Ensures:
+ *
+ *	*keynodep == NULL
+ */
+
+isc_result_t
+dns_keytable_issecuredomain(dns_keytable_t *keytable, dns_name_t *name,
+			    isc_boolean_t *wantdnssecp);
+/*
+ * Is 'name' at or beneath a trusted key?
+ *
+ * Requires:
+ *
+ *	'keytable' is a valid keytable.
+ *
+ *	'name' is a valid absolute name.
+ *
+ *	'*wantsdnssecp' is a valid isc_boolean_t.
+ *
+ * Ensures:
+ *
+ *	On success, *wantsdnssecp will be ISC_TRUE if and only if 'name'
+ *	is at or beneath a trusted key.
+ *
+ * Returns:
+ *
+ *	ISC_R_SUCCESS
+ *
+ *	Any other result is an error.
+ */
+
+dst_key_t *
+dns_keynode_key(dns_keynode_t *keynode);
+/*
+ * Get the DST key associated with keynode.
+ */
+
+ISC_LANG_ENDDECLS
+
+#endif /* DNS_KEYTABLE_H */

lib/dns/include/dns/validator.h

@@ -0,0 +1,89 @@
+/*
+ * Copyright (C) 2000  Internet Software Consortium.
+ * 
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ * 
+ * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
+ * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
+ * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
+ * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
+ * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
+ * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+ * SOFTWARE.
+ */
+
+#ifndef DNS_VALIDATOR_H
+#define DNS_VALIDATOR_H 1
+
+/*****
+ ***** Module Info
+ *****/
+
+/*
+ * DNS Validator
+ *
+ * XXX <TBS> XXX
+ *
+ * MP:
+ *	The module ensures appropriate synchronization of data structures it
+ *	creates and manipulates.
+ *
+ * Reliability:
+ *	No anticipated impact.
+ *
+ * Resources:
+ *	<TBS>
+ *
+ * Security:
+ *	No anticipated impact.
+ *
+ * Standards:
+ *	RFCs:	1034, 1035, 2181, 2535, <TBS>
+ *	Drafts:	<TBS>
+ */
+
+#include <isc/types.h>
+#include <isc/lang.h>
+#include <isc/event.h>
+
+#include <dns/types.h>
+#include <dns/name.h>
+#include <dns/result.h>
+
+ISC_LANG_BEGINDECLS
+
+/*
+ * A dns_validatorevent_t is sent when a 'validation' completes.
+ *
+ * 'rdataset', 'sigrdataset', and 'message' are the values that were
+ * supplied when dns_validator_create() was called.  They are returned to the
+ * caller so that they may be freed.
+ */
+typedef struct dns_validatorevent {
+	ISC_EVENT_COMMON(struct dns_validatorevent);
+	dns_validator_t *		validator;
+	isc_result_t			result;
+	dns_rdataset_t *		rdataset;
+	dns_rdataset_t *		sigrdataset;
+	dns_message_t *			message;
+} dns_validatorevent_t;
+
+isc_result_t
+dns_validator_create(dns_view_t *view, dns_name_t *name,
+		     dns_rdataset_t *rdataset, dns_rdataset_t *sigrdataset,
+		     dns_message_t *message, unsigned int options,
+		     isc_task_t *task, isc_taskaction_t action, void *arg,
+		     dns_validator_t **validatorp);
+
+void
+dns_validator_cancel(dns_validator_t *validator);
+
+void
+dns_validator_destroy(dns_validator_t **validatorp);
+
+ISC_LANG_ENDDECLS
+
+#endif /* DNS_VALIDATOR_H */

lib/dns/keytable.c

@@ -0,0 +1,336 @@
+/*
+ * Copyright (C) 2000  Internet Software Consortium.
+ * 
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ * 
+ * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
+ * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
+ * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
+ * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
+ * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
+ * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+ * SOFTWARE.
+ */
+
+#include <config.h>
+
+#include <stddef.h>
+#include <string.h>
+
+#include <isc/assertions.h>
+#include <isc/buffer.h>
+#include <isc/magic.h>
+#include <isc/rwlock.h>
+#include <isc/result.h>
+#include <isc/util.h>
+
+#include <dns/keytable.h>
+#include <dns/fixedname.h>
+#include <dns/name.h>
+#include <dns/rbt.h>
+
+struct dns_keytable {
+	/* Unlocked. */
+        unsigned int		magic;
+	isc_mem_t		*mctx;
+	isc_mutex_t		lock;
+	isc_rwlock_t		rwlock;
+	/* Locked by lock. */
+	isc_uint32_t		active_nodes;
+	/* Locked by rwlock. */
+	isc_uint32_t		references;
+	dns_rbt_t		*table; 
+};
+
+#define KEYTABLEMAGIC			0x4b54626cU	/* KTbl */
+#define VALID_KEYTABLE(kt)	 	ISC_MAGIC_VALID(kt, KEYTABLEMAGIC)
+
+struct dns_keynode {
+        unsigned int		magic;
+	dst_key_t *		key;
+	struct dns_keynode *	next;
+};
+
+#define KEYNODEMAGIC			0x4b4e6f64U	/* KNod */
+#define VALID_KEYNODE(kn)	 	ISC_MAGIC_VALID(kn, KEYNODEMAGIC)
+
+isc_result_t
+dns_keytable_create(isc_mem_t *mctx, dns_keytable_t **keytablep) {
+	dns_keytable_t *keytable;
+	isc_result_t result;
+
+	/*
+	 * Create a keytable.
+	 */
+
+	REQUIRE(keytablep != NULL && *keytablep == NULL);
+
+	keytable = isc_mem_get(mctx, sizeof *keytable);
+	if (keytable == NULL)
+		return (DNS_R_NOMEMORY);
+
+	keytable->table = NULL;
+	result = dns_rbt_create(mctx, NULL, NULL, &keytable->table);
+	if (result != ISC_R_SUCCESS)
+		goto cleanup_keytable;
+
+	result = isc_mutex_init(&keytable->lock);
+	if (result != ISC_R_SUCCESS) {
+		UNEXPECTED_ERROR(__FILE__, __LINE__,
+				 "isc_mutex_init() failed: %s",
+				 isc_result_totext(result));
+		result = ISC_R_UNEXPECTED;
+		goto cleanup_rbt;
+	}
+
+	result = isc_rwlock_init(&keytable->rwlock, 0, 0);
+	if (result != ISC_R_SUCCESS) {
+		UNEXPECTED_ERROR(__FILE__, __LINE__,
+				 "isc_rwlock_init() failed: %s",
+				 isc_result_totext(result));
+		result = ISC_R_UNEXPECTED;
+		goto cleanup_lock;
+	}
+
+	keytable->mctx = mctx;
+	keytable->active_nodes = 0;
+	keytable->references = 1;
+	keytable->magic = KEYTABLEMAGIC;
+	*keytablep = keytable;
+
+	return (ISC_R_SUCCESS);
+
+   cleanup_lock:
+	isc_mutex_destroy(&keytable->lock);
+
+   cleanup_rbt:
+	dns_rbt_destroy(&keytable->table);
+
+   cleanup_keytable:
+	isc_mem_put(mctx, keytable, sizeof *keytable);
+
+	return (result);
+}
+
+
+void
+dns_keytable_attach(dns_keytable_t *source, dns_keytable_t **targetp) {
+
+	/*
+	 * Attach *targetp to source.
+	 */
+
+	REQUIRE(VALID_KEYTABLE(source));
+	REQUIRE(targetp != NULL && *targetp == NULL);
+
+	RWLOCK(&source->rwlock, isc_rwlocktype_write);
+
+	INSIST(source->references > 0);
+	source->references++;
+	INSIST(source->references != 0);
+
+	RWUNLOCK(&source->rwlock, isc_rwlocktype_write);
+
+	*targetp = source;
+}
+
+void
+dns_keytable_detach(dns_keytable_t **keytablep) {
+	isc_boolean_t destroy = ISC_FALSE;
+	dns_keytable_t *keytable;
+
+	/*
+	 * Detach *keytablep from its keytable.
+	 */
+
+	REQUIRE(keytablep != NULL && VALID_KEYTABLE(*keytablep));
+
+	keytable = *keytablep;
+
+	RWLOCK(&keytable->rwlock, isc_rwlocktype_write);
+	
+	INSIST(keytable->references > 0);
+	keytable->references--;
+	LOCK(&keytable->lock);
+	if (keytable->references == 0 && keytable->active_nodes == 0)
+		destroy = ISC_TRUE;
+	UNLOCK(&keytable->lock);
+
+	RWUNLOCK(&keytable->rwlock, isc_rwlocktype_write);
+
+	if (destroy) {
+		dns_rbt_destroy(&keytable->table);
+		isc_rwlock_destroy(&keytable->rwlock);
+		isc_mutex_destroy(&keytable->lock);
+		keytable->magic = 0;
+		isc_mem_put(keytable->mctx, keytable, sizeof *keytable);
+	}
+
+	*keytablep = NULL;
+}
+
+isc_result_t
+dns_keytable_add(dns_keytable_t *keytable, dst_key_t **keyp) {
+	isc_result_t result;
+	dns_keynode_t *knode;
+	dns_rbtnode_t *node;
+	dns_fixedname_t fname;
+	char *keyname;
+	isc_buffer_t buffer;
+	size_t len;
+
+	/*
+	 * Add '*keyp' to 'keytable'.
+	 */
+
+	REQUIRE(VALID_KEYTABLE(keytable));
+	REQUIRE(keyp != NULL);
+
+	keyname = dst_key_name(*keyp);
+	INSIST(keyname != NULL);
+	len = strlen(keyname);
+	isc_buffer_init(&buffer, keyname, len, ISC_BUFFERTYPE_TEXT);
+	isc_buffer_add(&buffer, len);
+	dns_fixedname_init(&fname);
+	result = dns_name_fromtext(dns_fixedname_name(&fname), &buffer,
+				   dns_rootname, ISC_FALSE, NULL);
+	if (result != ISC_R_SUCCESS)
+		return (result);
+
+	knode = isc_mem_get(keytable->mctx, sizeof *knode);
+	if (knode == NULL)
+		return (ISC_R_NOMEMORY);
+
+	RWLOCK(&keytable->rwlock, isc_rwlocktype_write);
+
+	node = NULL;
+	result = dns_rbt_addnode(keytable->table, dns_fixedname_name(&fname),
+				 &node);
+
+	if (result == ISC_R_SUCCESS || result == ISC_R_EXISTS) {
+		knode->key = *keyp;
+		knode->next = node->data;
+		node->data = knode;
+		*keyp = NULL;
+		knode = NULL;
+	}
+
+	RWUNLOCK(&keytable->rwlock, isc_rwlocktype_write);
+
+	if (knode != NULL)
+		isc_mem_put(keytable->mctx, knode, sizeof *knode);
+
+	return (result);
+}
+
+isc_result_t
+dns_keytable_findkeynode(dns_keytable_t *keytable, dns_name_t *name,
+			 dns_secalg_t algorithm, dns_keytag_t tag,
+			 dns_keynode_t **keynodep)
+{
+	isc_result_t result;
+	dns_keynode_t *knode;
+	void *data;
+
+	/*
+	 * Search for a key named 'name', matching 'algorithm' and 'tag' in
+	 * 'keytable'.
+	 */
+
+	REQUIRE(VALID_KEYTABLE(keytable));
+	REQUIRE(dns_name_isabsolute(name));
+	REQUIRE(keynodep != NULL && *keynodep == NULL);
+
+	RWLOCK(&keytable->rwlock, isc_rwlocktype_read);
+
+	knode = NULL;
+	data = NULL;
+	result = dns_rbt_findname(keytable->table, name, NULL, &data);
+
+	if (result == ISC_R_SUCCESS) {
+		INSIST(data != NULL);
+		for (knode = data; knode != NULL; knode = knode->next) {
+			if (algorithm == (dns_secalg_t)dst_key_alg(knode->key)
+			    && tag == (dns_keytag_t)dst_key_id(knode->key))
+				break;
+		}
+		if (knode != NULL) {
+			LOCK(&keytable->lock);
+			keytable->active_nodes++;
+			UNLOCK(&keytable->lock);
+			*keynodep = knode;
+		} else
+			result = ISC_R_NOTFOUND;
+	} else if (result == DNS_R_PARTIALMATCH)
+		result = ISC_R_NOTFOUND;
+
+	RWUNLOCK(&keytable->rwlock, isc_rwlocktype_read);
+
+	return (result);
+}
+
+void
+dns_keytable_detachkeynode(dns_keytable_t *keytable,
+			   dns_keynode_t **keynodep)
+{
+	/*
+	 * Give back a keynode found via dns_keytable_findkeynode().
+	 */
+
+	REQUIRE(VALID_KEYTABLE(keytable));
+	REQUIRE(keynodep != NULL && VALID_KEYNODE(*keynodep));
+
+	LOCK(&keytable->lock);
+	INSIST(keytable->active_nodes > 0);
+	keytable->active_nodes--;
+	UNLOCK(&keytable->lock);
+
+	*keynodep = NULL;
+}
+
+isc_result_t
+dns_keytable_issecuredomain(dns_keytable_t *keytable, dns_name_t *name,
+			    isc_boolean_t *wantdnssecp)
+{
+	isc_result_t result;
+	void *data;
+
+	/*
+	 * Is 'name' at or beneath a trusted key?
+	 */
+
+	REQUIRE(VALID_KEYTABLE(keytable));
+	REQUIRE(dns_name_isabsolute(name));
+	REQUIRE(wantdnssecp != NULL);
+
+	RWLOCK(&keytable->rwlock, isc_rwlocktype_read);
+
+	data = NULL;
+	result = dns_rbt_findname(keytable->table, name, NULL, &data);
+
+	if (result == ISC_R_SUCCESS || result == DNS_R_PARTIALMATCH) {
+		INSIST(data != NULL);
+		*wantdnssecp = ISC_TRUE;
+	} else if (result == ISC_R_NOTFOUND) {
+		*wantdnssecp = ISC_FALSE;
+	}
+
+	RWUNLOCK(&keytable->rwlock, isc_rwlocktype_read);
+
+	return (result);
+}
+
+dst_key_t *
+dns_keynode_key(dns_keynode_t *keynode) {
+
+	/*
+	 * Get the DST key associated with keynode.
+	 */
+
+	REQUIRE(VALID_KEYNODE(keynode));
+
+	return (keynode->key);
+}

lib/dns/validator.c

@@ -0,0 +1,50 @@
+/*
+ * Copyright (C) 2000  Internet Software Consortium.
+ * 
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ * 
+ * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
+ * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
+ * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
+ * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
+ * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
+ * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+ * SOFTWARE.
+ */
+
+#include <dns/validator.h>
+
+isc_result_t
+dns_validator_create(dns_view_t *view, dns_name_t *name,
+		     dns_rdataset_t *rdataset, dns_rdataset_t *sigrdataset,
+		     dns_message_t *message, unsigned int options,
+		     isc_task_t *task, isc_taskaction_t action, void *arg,
+		     dns_validator_t **validatorp)
+{
+	REQUIRE(validatorp != NULL && *validatorp == NULL);
+
+	(void)view;
+	(void)name;
+	(void)rdataset;
+	(void)sigrdataset;
+	(void)message;
+	(void)options;
+	(void)task;
+	(void)action;
+	(void)arg;
+
+	return (ISC_R_NOTIMPLEMENTED);
+}
+
+void
+dns_validator_cancel(dns_validator_t *validator) {
+	(void)validator;
+}
+
+void
+dns_validator_destroy(dns_validator_t **validatorp) {
+	(void)validatorp;
+}