This file contains storage for the trust anchors for the validator. More...
Data Structures | |
| struct | val_anchors |
| Trust anchor store. More... | |
| struct | ta_key |
| Trust anchor key. More... | |
| struct | trust_anchor |
| A trust anchor in the trust anchor store. More... | |
Functions | |
| struct val_anchors * | anchors_create (void) |
| Create trust anchor storage. More... | |
| void | anchors_delete (struct val_anchors *anchors) |
| Delete trust anchor storage. More... | |
| int | anchors_apply_cfg (struct val_anchors *anchors, struct config_file *cfg) |
| Process trust anchor config. More... | |
| void | anchors_init_parents_locked (struct val_anchors *anchors) |
| Recalculate parent pointers. More... | |
| struct trust_anchor * | anchors_lookup (struct val_anchors *anchors, uint8_t *qname, size_t qname_len, uint16_t qclass) |
| Given a qname/qclass combination, find the trust anchor closest above it. More... | |
| struct trust_anchor * | anchor_find (struct val_anchors *anchors, uint8_t *name, int namelabs, size_t namelen, uint16_t dclass) |
| Find a trust anchor. More... | |
| struct trust_anchor * | anchor_store_str (struct val_anchors *anchors, struct sldns_buffer *buffer, const char *str) |
| Store one string as trust anchor RR. More... | |
| size_t | anchors_get_mem (struct val_anchors *anchors) |
| Get memory in use by the trust anchor storage. More... | |
| int | anchor_cmp (const void *k1, const void *k2) |
| compare two trust anchors | |
| int | anchors_add_insecure (struct val_anchors *anchors, uint16_t c, uint8_t *nm) |
| Add insecure point trust anchor. More... | |
| void | anchors_delete_insecure (struct val_anchors *anchors, uint16_t c, uint8_t *nm) |
| Delete insecure point trust anchor. More... | |
| size_t | anchor_list_keytags (struct trust_anchor *ta, uint16_t *list, size_t num) |
| Get a list of keytags for the trust anchor. More... | |
| int | anchor_has_keytag (struct val_anchors *anchors, uint8_t *name, int namelabs, size_t namelen, uint16_t dclass, uint16_t keytag) |
| Check if there is a trust anchor for given zone with this keytag. More... | |
| struct trust_anchor * | anchors_find_any_noninsecure (struct val_anchors *anchors) |
| Find an anchor that is not an insecure point, if any, or there are no DNSSEC verification anchors if none. More... | |
This file contains storage for the trust anchors for the validator.
| struct val_anchors* anchors_create | ( | void | ) |
Create trust anchor storage.
References anchor_cmp(), anchors_delete(), val_anchors::autr, autr_global_create(), val_anchors::lock, rbtree_create(), and val_anchors::tree.
Referenced by anchors_test(), and val_apply_cfg().
| void anchors_delete | ( | struct val_anchors * | anchors | ) |
Delete trust anchor storage.
| anchors | to delete. |
References anchors_delfunc(), val_anchors::autr, autr_global_delete(), val_anchors::lock, traverse_postorder(), and val_anchors::tree.
Referenced by anchors_create(), anchors_test(), and val_deinit().
| int anchors_apply_cfg | ( | struct val_anchors * | anchors, |
| struct config_file * | cfg | ||
| ) |
Process trust anchor config.
| anchors | struct anchor storage |
| cfg | config options. |
References anchor_insert_insecure(), anchor_read_bind_file_wild(), anchor_read_file(), anchor_store_str(), anchors_assemble_rrsets(), as112_zones, config_file::auto_trust_anchor_file_list, autr_debug_print(), autr_read_file(), config_file::chrootdir, config_file::domain_insecure, init_parents(), config_file::insecure_lan_zones, log_err(), config_strlist::next, sldns_buffer_free(), sldns_buffer_new(), config_strlist::str, config_file::trust_anchor_file_list, config_file::trust_anchor_list, config_file::trusted_keys_file_list, VERB_ALGO, and verbosity.
Referenced by val_apply_cfg().
| void anchors_init_parents_locked | ( | struct val_anchors * | anchors | ) |
Recalculate parent pointers.
The caller must hold the lock on the anchors structure (say after removing an item from the rbtree). Caller must not hold any locks on trust anchors. After the call is complete the parent pointers are updated and an item just removed is no longer referenced in parent pointers.
| anchors | the structure to update. |
References trust_anchor::dclass, dname_lab_cmp(), trust_anchor::name, trust_anchor::namelabs, trust_anchor::node, rbnode_type::parent, trust_anchor::parent, RBTREE_FOR, and val_anchors::tree.
Referenced by anchors_add_insecure(), anchors_delete_insecure(), and init_parents().
| struct trust_anchor* anchors_lookup | ( | struct val_anchors * | anchors, |
| uint8_t * | qname, | ||
| size_t | qname_len, | ||
| uint16_t | qclass | ||
| ) |
Given a qname/qclass combination, find the trust anchor closest above it.
Or return NULL if none exists.
| anchors | struct anchor storage |
| qname | query name, uncompressed wireformat. |
| qname_len | length of qname. |
| qclass | class to query for. |
References trust_anchor::dclass, dname_count_labels(), dname_lab_cmp(), rbnode_type::key, val_anchors::lock, trust_anchor::lock, trust_anchor::name, trust_anchor::namelabs, trust_anchor::namelen, trust_anchor::node, trust_anchor::parent, rbtree_find_less_equal(), and val_anchors::tree.
Referenced by auth_zone_verify_zonemd(), check_no_anchor(), iter_qname_indicates_dnssec(), test_anchor_empty(), test_anchor_one(), and test_anchors().
| struct trust_anchor* anchor_find | ( | struct val_anchors * | anchors, |
| uint8_t * | name, | ||
| int | namelabs, | ||
| size_t | namelen, | ||
| uint16_t | dclass | ||
| ) |
Find a trust anchor.
Exact matching.
| anchors | anchor storage. |
| name | name of trust anchor (wireformat) |
| namelabs | labels in name |
| namelen | length of name |
| dclass | class of trust anchor |
References trust_anchor::dclass, rbnode_type::key, val_anchors::lock, trust_anchor::name, trust_anchor::namelabs, trust_anchor::namelen, trust_anchor::node, rbtree_search(), and val_anchors::tree.
Referenced by anchor_has_keytag(), do_list_forwards(), find_add_tp(), iter_indicates_dnssec(), and process_prime_response().
| struct trust_anchor* anchor_store_str | ( | struct val_anchors * | anchors, |
| struct sldns_buffer * | buffer, | ||
| const char * | str | ||
| ) |
Store one string as trust anchor RR.
| anchors | anchor storage. |
| buffer | parsing buffer, to generate the RR wireformat in. |
| str | string. |
Referenced by anchors_apply_cfg(), test_anchor_one(), and test_anchors().
| size_t anchors_get_mem | ( | struct val_anchors * | anchors | ) |
Get memory in use by the trust anchor storage.
| anchors | anchor storage. |
References trust_anchor::namelen, RBTREE_FOR, and val_anchors::tree.
| int anchors_add_insecure | ( | struct val_anchors * | anchors, |
| uint16_t | c, | ||
| uint8_t * | nm | ||
| ) |
Add insecure point trust anchor.
For external use (locks and init_parents)
| anchors | anchor storage. |
| c | class. |
| nm | name of insecure trust point. |
References anchor_new_ta(), anchors_init_parents_locked(), trust_anchor::dclass, dname_count_size_labels(), rbnode_type::key, val_anchors::lock, log_err(), trust_anchor::name, trust_anchor::namelabs, trust_anchor::namelen, trust_anchor::node, rbtree_search(), and val_anchors::tree.
Referenced by do_insecure_add().
| void anchors_delete_insecure | ( | struct val_anchors * | anchors, |
| uint16_t | c, | ||
| uint8_t * | nm | ||
| ) |
Delete insecure point trust anchor.
Does not remove if no such point. For external use (locks and init_parents)
| anchors | anchor storage. |
| c | class. |
| nm | name of insecure trust point. |
References anchors_delfunc(), anchors_init_parents_locked(), trust_anchor::autr, trust_anchor::dclass, dname_count_size_labels(), rbnode_type::key, trust_anchor::keylist, val_anchors::lock, trust_anchor::lock, trust_anchor::name, trust_anchor::namelabs, trust_anchor::namelen, trust_anchor::node, trust_anchor::numDNSKEY, trust_anchor::numDS, rbtree_delete(), rbtree_search(), and val_anchors::tree.
Referenced by do_insecure_remove().
| size_t anchor_list_keytags | ( | struct trust_anchor * | ta, |
| uint16_t * | list, | ||
| size_t | num | ||
| ) |
Get a list of keytags for the trust anchor.
Zero tags for insecure points.
| ta | trust anchor (locked by caller). |
| list | array of uint16_t. |
| num | length of array. |
References packed_rrset_data::count, lruhash_entry::data, dnskey_calc_keytag(), trust_anchor::dnskey_rrset, ds_get_keytag(), trust_anchor::ds_rrset, ub_packed_rrset_key::entry, keytag_compare(), trust_anchor::numDNSKEY, and trust_anchor::numDS.
Referenced by anchor_has_keytag().
| int anchor_has_keytag | ( | struct val_anchors * | anchors, |
| uint8_t * | name, | ||
| int | namelabs, | ||
| size_t | namelen, | ||
| uint16_t | dclass, | ||
| uint16_t | keytag | ||
| ) |
Check if there is a trust anchor for given zone with this keytag.
| anchors | anchor storage |
| name | name of trust anchor (wireformat) |
| namelabs | labels in name |
| namelen | length of name |
| dclass | class of trust anchor |
| keytag | keytag |
References anchor_find(), anchor_list_keytags(), trust_anchor::dclass, trust_anchor::lock, trust_anchor::name, trust_anchor::namelabs, trust_anchor::namelen, trust_anchor::numDNSKEY, and trust_anchor::numDS.
| struct trust_anchor* anchors_find_any_noninsecure | ( | struct val_anchors * | anchors | ) |
Find an anchor that is not an insecure point, if any, or there are no DNSSEC verification anchors if none.
| anchors | anchor storage |
References val_anchors::lock, trust_anchor::lock, trust_anchor::node, trust_anchor::numDNSKEY, trust_anchor::numDS, rbtree_first(), rbtree_next(), RBTREE_NULL, and val_anchors::tree.
Referenced by val_init().