From bf43fdafa3bff9e84cb03f1a19aca74514d2516e Mon Sep 17 00:00:00 2001 From: Bob Halley Date: Wed, 23 Feb 2000 23:31:33 +0000 Subject: [PATCH] add keytable, validator --- lib/dns/Makefile.in | 8 +- lib/dns/include/dns/Makefile.in | 6 +- lib/dns/include/dns/keytable.h | 211 ++++++++++++++++++++ lib/dns/include/dns/validator.h | 89 +++++++++ lib/dns/keytable.c | 336 ++++++++++++++++++++++++++++++++ lib/dns/validator.c | 50 +++++ 6 files changed, 693 insertions(+), 7 deletions(-) create mode 100644 lib/dns/include/dns/keytable.h create mode 100644 lib/dns/include/dns/validator.h create mode 100644 lib/dns/keytable.c create mode 100644 lib/dns/validator.c diff --git a/lib/dns/Makefile.in b/lib/dns/Makefile.in index 15bc82cdcb..c87d9694d3 100644 --- a/lib/dns/Makefile.in +++ b/lib/dns/Makefile.in @@ -117,14 +117,14 @@ DNSSAFEOBJS = sec/dnssafe/ahchdig.@O@ sec/dnssafe/ahchencr.@O@ \ OBJS = a6.@O@ acl.@O@ aclconf.@O@ adb.@O@ byaddr.@O@ \ cache.@O@ callbacks.@O@ compress.@O@ \ db.@O@ dbiterator.@O@ dbtable.@O@ dispatch.@O@ dnssec.@O@ \ - journal.@O@ lib.@O@ log.@O@ \ + journal.@O@ keytable.@O@ lib.@O@ log.@O@ \ master.@O@ masterdump.@O@ message.@O@ \ name.@O@ ncache.@O@ nxt.@O@ \ rbt.@O@ rbtdb.@O@ rbtdb64.@O@ rdata.@O@ rdatalist.@O@ \ rdataset.@O@ rdatasetiter.@O@ rdataslab.@O@ resolver.@O@ \ result.@O@ rootns.@O@ ssu.@O@ \ tcpmsg.@O@ time.@O@ tkey.@O@ tkeyconf.@O@ \ - tsig.@O@ tsigconf.@O@ ttl.@O@ \ + tsig.@O@ tsigconf.@O@ ttl.@O@ validator.@O@ \ version.@O@ view.@O@ xfrin.@O@ zone.@O@ zoneconf.@O@ zt.@O@ \ ${DSTOBJS} ${OPENSSLOBJS} ${DNSSAFEOBJS} ${CONFOBJS} @@ -132,14 +132,14 @@ OBJS = a6.@O@ acl.@O@ aclconf.@O@ adb.@O@ byaddr.@O@ \ SRCS = a6.c acl.c aclconf.c adb.c byaddr.c \ cache.c callbacks.c compress.c \ db.c dbiterator.c dbtable.c dispatch.c dnssec.c \ - journal.c lib.c log.c \ + journal.c keytable.c lib.c log.c \ master.c masterdump.c message.c \ name.c ncache.c nxt.c \ rbt.c rbtdb.c rbtdb64.c rdata.c rdatalist.c \ rdataset.c rdatasetiter.c rdataslab.c resolver.c \ result.c rootns.c ssu.c \ tcpmsg.c time.c tkey.c tkeyconf.c \ - tsig.c tsigconf.c ttl.c \ + tsig.c tsigconf.c ttl.c validator.c \ version.c view.c xfrin.c zone.c zoneconf.c zt.c SUBDIRS = include sec config diff --git a/lib/dns/include/dns/Makefile.in b/lib/dns/include/dns/Makefile.in index da32795ba9..16d812de6e 100644 --- a/lib/dns/include/dns/Makefile.in +++ b/lib/dns/include/dns/Makefile.in @@ -26,9 +26,9 @@ HEADERS = a6.h acl.h aclconf.h adb.h byaddr.h cache.h callbacks.h \ confresolv.h confrrset.h confserv.h confview.h confzone.h \ db.h dbiterator.h dbtable.h dispatch.h \ dnssec.h events.h fixedname.h journal.h keyflags.h \ - keyvalues.h lib.h log.h master.h masterdump.h message.h \ - name.h namedconf.h ncache.h nxt.h rbt.h rcode.h rdata.h \ - rdataclass.h rdatalist.h rdataset.h rdatasetiter.h \ + keytable.h keyvalues.h lib.h log.h master.h masterdump.h \ + message.h name.h namedconf.h ncache.h nxt.h rbt.h rcode.h \ + rdata.h rdataclass.h rdatalist.h rdataset.h rdatasetiter.h \ rdataslab.h rdatatype.h request.h resolver.h result.h \ rootns.h secalg.h secproto.h ssu.h tcpmsg.h time.h tkey.h \ tkeyconf.h tsig.h ttl.h types.h validator.h view.h xfrin.h \ diff --git a/lib/dns/include/dns/keytable.h b/lib/dns/include/dns/keytable.h new file mode 100644 index 0000000000..49c35dcb31 --- /dev/null +++ b/lib/dns/include/dns/keytable.h @@ -0,0 +1,211 @@ +/* + * Copyright (C) 2000 Internet Software Consortium. + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS + * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE + * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL + * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR + * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS + * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS + * SOFTWARE. + */ + +#ifndef DNS_KEYTABLE_H +#define DNS_KEYTABLE_H 1 + +/***** + ***** Module Info + *****/ + +/* + * Key Tables + * + * The keytable module provides services for storing and retrieving DNSSEC + * trusted keys, as well as the ability to find the deepest matching key + * for a given domain name. + * + * MP: + * The module ensures appropriate synchronization of data structures it + * creates and manipulates. + * + * Resources: + * + * + * Security: + * No anticipated impact. + */ + +#include +#include +#include + +#include +#include + +#include + +ISC_LANG_BEGINDECLS + +isc_result_t +dns_keytable_create(isc_mem_t *mctx, dns_keytable_t **keytablep); +/* + * Create a keytable. + * + * Requires: + * + * 'mctx' is a valid memory context. + * + * keytablep != NULL && *keytablep == NULL + * + * Ensures: + * + * On success, *keytablep is a valid, empty key table. + * + * Returns: + * + * ISC_R_SUCCESS + * + * Any other result indicates failure. + */ + + +void +dns_keytable_attach(dns_keytable_t *source, dns_keytable_t **targetp); +/* + * Attach *targetp to source. + * + * Requires: + * + * 'source' is a valid keytable. + * + * 'targetp' points to a NULL dns_keytable_t *. + * + * Ensures: + * + * *targetp is attached to source. + */ + +void +dns_keytable_detach(dns_keytable_t **keytablep); +/* + * Detach *keytablep from its keytable. + * + * Requires: + * + * 'keytablep' points to a valid keytable. + * + * Ensures: + * + * *keytablep is NULL. + * + * If '*keytablep' is the last reference to the keytable, + * + * All resources used by the keytable will be freed + */ + +isc_result_t +dns_keytable_add(dns_keytable_t *keytable, dst_key_t **keyp); +/* + * Add '*keyp' to 'keytable'. + * + * Notes: + * + * Ownership of *keyp is transferred to the keytable. + * + * Requires: + * + * keyp != NULL && *keyp is a valid dst_key_t *. + * + * Ensures: + * + * On success, *keyp == NULL + * + * Returns: + * + * ISC_R_SUCCESS + * + * Any other result indicates failure. + */ + +isc_result_t +dns_keytable_findkeynode(dns_keytable_t *keytable, dns_name_t *name, + dns_secalg_t algorithm, dns_keytag_t tag, + dns_keynode_t **keynodep); +/* + * Search for a key named 'name', matching 'algorithm' and 'tag' in + * 'keytable'. + * + * Requires: + * + * 'keytable' is a valid keytable. + * + * 'name' is a valid absolute name. + * + * keynodep != NULL && *keynodep == NULL + * + * Returns: + * + * ISC_R_SUCCESS + * ISC_R_NOTFOUND + * + * Any other result indicates an error. + */ + +void +dns_keytable_detachkeynode(dns_keytable_t *keytable, + dns_keynode_t **keynodep); +/* + * Give back a keynode found via dns_keytable_findkeynode(). + * + * Requires: + * + * 'keytable' is a valid keytable. + * + * *keynodep is a valid keynode returned by a call to + * dns_keytable_findkeynode(). + * + * Ensures: + * + * *keynodep == NULL + */ + +isc_result_t +dns_keytable_issecuredomain(dns_keytable_t *keytable, dns_name_t *name, + isc_boolean_t *wantdnssecp); +/* + * Is 'name' at or beneath a trusted key? + * + * Requires: + * + * 'keytable' is a valid keytable. + * + * 'name' is a valid absolute name. + * + * '*wantsdnssecp' is a valid isc_boolean_t. + * + * Ensures: + * + * On success, *wantsdnssecp will be ISC_TRUE if and only if 'name' + * is at or beneath a trusted key. + * + * Returns: + * + * ISC_R_SUCCESS + * + * Any other result is an error. + */ + +dst_key_t * +dns_keynode_key(dns_keynode_t *keynode); +/* + * Get the DST key associated with keynode. + */ + +ISC_LANG_ENDDECLS + +#endif /* DNS_KEYTABLE_H */ diff --git a/lib/dns/include/dns/validator.h b/lib/dns/include/dns/validator.h new file mode 100644 index 0000000000..1897e8c299 --- /dev/null +++ b/lib/dns/include/dns/validator.h @@ -0,0 +1,89 @@ +/* + * Copyright (C) 2000 Internet Software Consortium. + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS + * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE + * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL + * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR + * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS + * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS + * SOFTWARE. + */ + +#ifndef DNS_VALIDATOR_H +#define DNS_VALIDATOR_H 1 + +/***** + ***** Module Info + *****/ + +/* + * DNS Validator + * + * XXX XXX + * + * MP: + * The module ensures appropriate synchronization of data structures it + * creates and manipulates. + * + * Reliability: + * No anticipated impact. + * + * Resources: + * + * + * Security: + * No anticipated impact. + * + * Standards: + * RFCs: 1034, 1035, 2181, 2535, + * Drafts: + */ + +#include +#include +#include + +#include +#include +#include + +ISC_LANG_BEGINDECLS + +/* + * A dns_validatorevent_t is sent when a 'validation' completes. + * + * 'rdataset', 'sigrdataset', and 'message' are the values that were + * supplied when dns_validator_create() was called. They are returned to the + * caller so that they may be freed. + */ +typedef struct dns_validatorevent { + ISC_EVENT_COMMON(struct dns_validatorevent); + dns_validator_t * validator; + isc_result_t result; + dns_rdataset_t * rdataset; + dns_rdataset_t * sigrdataset; + dns_message_t * message; +} dns_validatorevent_t; + +isc_result_t +dns_validator_create(dns_view_t *view, dns_name_t *name, + dns_rdataset_t *rdataset, dns_rdataset_t *sigrdataset, + dns_message_t *message, unsigned int options, + isc_task_t *task, isc_taskaction_t action, void *arg, + dns_validator_t **validatorp); + +void +dns_validator_cancel(dns_validator_t *validator); + +void +dns_validator_destroy(dns_validator_t **validatorp); + +ISC_LANG_ENDDECLS + +#endif /* DNS_VALIDATOR_H */ diff --git a/lib/dns/keytable.c b/lib/dns/keytable.c new file mode 100644 index 0000000000..1376366f29 --- /dev/null +++ b/lib/dns/keytable.c @@ -0,0 +1,336 @@ +/* + * Copyright (C) 2000 Internet Software Consortium. + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS + * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE + * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL + * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR + * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS + * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS + * SOFTWARE. + */ + +#include + +#include +#include + +#include +#include +#include +#include +#include +#include + +#include +#include +#include +#include + +struct dns_keytable { + /* Unlocked. */ + unsigned int magic; + isc_mem_t *mctx; + isc_mutex_t lock; + isc_rwlock_t rwlock; + /* Locked by lock. */ + isc_uint32_t active_nodes; + /* Locked by rwlock. */ + isc_uint32_t references; + dns_rbt_t *table; +}; + +#define KEYTABLEMAGIC 0x4b54626cU /* KTbl */ +#define VALID_KEYTABLE(kt) ISC_MAGIC_VALID(kt, KEYTABLEMAGIC) + +struct dns_keynode { + unsigned int magic; + dst_key_t * key; + struct dns_keynode * next; +}; + +#define KEYNODEMAGIC 0x4b4e6f64U /* KNod */ +#define VALID_KEYNODE(kn) ISC_MAGIC_VALID(kn, KEYNODEMAGIC) + +isc_result_t +dns_keytable_create(isc_mem_t *mctx, dns_keytable_t **keytablep) { + dns_keytable_t *keytable; + isc_result_t result; + + /* + * Create a keytable. + */ + + REQUIRE(keytablep != NULL && *keytablep == NULL); + + keytable = isc_mem_get(mctx, sizeof *keytable); + if (keytable == NULL) + return (DNS_R_NOMEMORY); + + keytable->table = NULL; + result = dns_rbt_create(mctx, NULL, NULL, &keytable->table); + if (result != ISC_R_SUCCESS) + goto cleanup_keytable; + + result = isc_mutex_init(&keytable->lock); + if (result != ISC_R_SUCCESS) { + UNEXPECTED_ERROR(__FILE__, __LINE__, + "isc_mutex_init() failed: %s", + isc_result_totext(result)); + result = ISC_R_UNEXPECTED; + goto cleanup_rbt; + } + + result = isc_rwlock_init(&keytable->rwlock, 0, 0); + if (result != ISC_R_SUCCESS) { + UNEXPECTED_ERROR(__FILE__, __LINE__, + "isc_rwlock_init() failed: %s", + isc_result_totext(result)); + result = ISC_R_UNEXPECTED; + goto cleanup_lock; + } + + keytable->mctx = mctx; + keytable->active_nodes = 0; + keytable->references = 1; + keytable->magic = KEYTABLEMAGIC; + *keytablep = keytable; + + return (ISC_R_SUCCESS); + + cleanup_lock: + isc_mutex_destroy(&keytable->lock); + + cleanup_rbt: + dns_rbt_destroy(&keytable->table); + + cleanup_keytable: + isc_mem_put(mctx, keytable, sizeof *keytable); + + return (result); +} + + +void +dns_keytable_attach(dns_keytable_t *source, dns_keytable_t **targetp) { + + /* + * Attach *targetp to source. + */ + + REQUIRE(VALID_KEYTABLE(source)); + REQUIRE(targetp != NULL && *targetp == NULL); + + RWLOCK(&source->rwlock, isc_rwlocktype_write); + + INSIST(source->references > 0); + source->references++; + INSIST(source->references != 0); + + RWUNLOCK(&source->rwlock, isc_rwlocktype_write); + + *targetp = source; +} + +void +dns_keytable_detach(dns_keytable_t **keytablep) { + isc_boolean_t destroy = ISC_FALSE; + dns_keytable_t *keytable; + + /* + * Detach *keytablep from its keytable. + */ + + REQUIRE(keytablep != NULL && VALID_KEYTABLE(*keytablep)); + + keytable = *keytablep; + + RWLOCK(&keytable->rwlock, isc_rwlocktype_write); + + INSIST(keytable->references > 0); + keytable->references--; + LOCK(&keytable->lock); + if (keytable->references == 0 && keytable->active_nodes == 0) + destroy = ISC_TRUE; + UNLOCK(&keytable->lock); + + RWUNLOCK(&keytable->rwlock, isc_rwlocktype_write); + + if (destroy) { + dns_rbt_destroy(&keytable->table); + isc_rwlock_destroy(&keytable->rwlock); + isc_mutex_destroy(&keytable->lock); + keytable->magic = 0; + isc_mem_put(keytable->mctx, keytable, sizeof *keytable); + } + + *keytablep = NULL; +} + +isc_result_t +dns_keytable_add(dns_keytable_t *keytable, dst_key_t **keyp) { + isc_result_t result; + dns_keynode_t *knode; + dns_rbtnode_t *node; + dns_fixedname_t fname; + char *keyname; + isc_buffer_t buffer; + size_t len; + + /* + * Add '*keyp' to 'keytable'. + */ + + REQUIRE(VALID_KEYTABLE(keytable)); + REQUIRE(keyp != NULL); + + keyname = dst_key_name(*keyp); + INSIST(keyname != NULL); + len = strlen(keyname); + isc_buffer_init(&buffer, keyname, len, ISC_BUFFERTYPE_TEXT); + isc_buffer_add(&buffer, len); + dns_fixedname_init(&fname); + result = dns_name_fromtext(dns_fixedname_name(&fname), &buffer, + dns_rootname, ISC_FALSE, NULL); + if (result != ISC_R_SUCCESS) + return (result); + + knode = isc_mem_get(keytable->mctx, sizeof *knode); + if (knode == NULL) + return (ISC_R_NOMEMORY); + + RWLOCK(&keytable->rwlock, isc_rwlocktype_write); + + node = NULL; + result = dns_rbt_addnode(keytable->table, dns_fixedname_name(&fname), + &node); + + if (result == ISC_R_SUCCESS || result == ISC_R_EXISTS) { + knode->key = *keyp; + knode->next = node->data; + node->data = knode; + *keyp = NULL; + knode = NULL; + } + + RWUNLOCK(&keytable->rwlock, isc_rwlocktype_write); + + if (knode != NULL) + isc_mem_put(keytable->mctx, knode, sizeof *knode); + + return (result); +} + +isc_result_t +dns_keytable_findkeynode(dns_keytable_t *keytable, dns_name_t *name, + dns_secalg_t algorithm, dns_keytag_t tag, + dns_keynode_t **keynodep) +{ + isc_result_t result; + dns_keynode_t *knode; + void *data; + + /* + * Search for a key named 'name', matching 'algorithm' and 'tag' in + * 'keytable'. + */ + + REQUIRE(VALID_KEYTABLE(keytable)); + REQUIRE(dns_name_isabsolute(name)); + REQUIRE(keynodep != NULL && *keynodep == NULL); + + RWLOCK(&keytable->rwlock, isc_rwlocktype_read); + + knode = NULL; + data = NULL; + result = dns_rbt_findname(keytable->table, name, NULL, &data); + + if (result == ISC_R_SUCCESS) { + INSIST(data != NULL); + for (knode = data; knode != NULL; knode = knode->next) { + if (algorithm == (dns_secalg_t)dst_key_alg(knode->key) + && tag == (dns_keytag_t)dst_key_id(knode->key)) + break; + } + if (knode != NULL) { + LOCK(&keytable->lock); + keytable->active_nodes++; + UNLOCK(&keytable->lock); + *keynodep = knode; + } else + result = ISC_R_NOTFOUND; + } else if (result == DNS_R_PARTIALMATCH) + result = ISC_R_NOTFOUND; + + RWUNLOCK(&keytable->rwlock, isc_rwlocktype_read); + + return (result); +} + +void +dns_keytable_detachkeynode(dns_keytable_t *keytable, + dns_keynode_t **keynodep) +{ + /* + * Give back a keynode found via dns_keytable_findkeynode(). + */ + + REQUIRE(VALID_KEYTABLE(keytable)); + REQUIRE(keynodep != NULL && VALID_KEYNODE(*keynodep)); + + LOCK(&keytable->lock); + INSIST(keytable->active_nodes > 0); + keytable->active_nodes--; + UNLOCK(&keytable->lock); + + *keynodep = NULL; +} + +isc_result_t +dns_keytable_issecuredomain(dns_keytable_t *keytable, dns_name_t *name, + isc_boolean_t *wantdnssecp) +{ + isc_result_t result; + void *data; + + /* + * Is 'name' at or beneath a trusted key? + */ + + REQUIRE(VALID_KEYTABLE(keytable)); + REQUIRE(dns_name_isabsolute(name)); + REQUIRE(wantdnssecp != NULL); + + RWLOCK(&keytable->rwlock, isc_rwlocktype_read); + + data = NULL; + result = dns_rbt_findname(keytable->table, name, NULL, &data); + + if (result == ISC_R_SUCCESS || result == DNS_R_PARTIALMATCH) { + INSIST(data != NULL); + *wantdnssecp = ISC_TRUE; + } else if (result == ISC_R_NOTFOUND) { + *wantdnssecp = ISC_FALSE; + } + + RWUNLOCK(&keytable->rwlock, isc_rwlocktype_read); + + return (result); +} + +dst_key_t * +dns_keynode_key(dns_keynode_t *keynode) { + + /* + * Get the DST key associated with keynode. + */ + + REQUIRE(VALID_KEYNODE(keynode)); + + return (keynode->key); +} diff --git a/lib/dns/validator.c b/lib/dns/validator.c new file mode 100644 index 0000000000..2cc0081f20 --- /dev/null +++ b/lib/dns/validator.c @@ -0,0 +1,50 @@ +/* + * Copyright (C) 2000 Internet Software Consortium. + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS + * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE + * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL + * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR + * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS + * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS + * SOFTWARE. + */ + +#include + +isc_result_t +dns_validator_create(dns_view_t *view, dns_name_t *name, + dns_rdataset_t *rdataset, dns_rdataset_t *sigrdataset, + dns_message_t *message, unsigned int options, + isc_task_t *task, isc_taskaction_t action, void *arg, + dns_validator_t **validatorp) +{ + REQUIRE(validatorp != NULL && *validatorp == NULL); + + (void)view; + (void)name; + (void)rdataset; + (void)sigrdataset; + (void)message; + (void)options; + (void)task; + (void)action; + (void)arg; + + return (ISC_R_NOTIMPLEMENTED); +} + +void +dns_validator_cancel(dns_validator_t *validator) { + (void)validator; +} + +void +dns_validator_destroy(dns_validator_t **validatorp) { + (void)validatorp; +}