39  * This file contains storage for the trust anchors for the validator.
114 /** destroy locks in tree and delete autotrust anchors */
140 anchors_delete(struct val_anchors* anchors)
142 	if(!anchors)
144 	lock_unprotect(&anchors->lock, anchors->autr);
145 	lock_unprotect(&anchors->lock, anchors);
146 	lock_basic_destroy(&anchors->lock);
147 	if(anchors->tree)
148 		traverse_postorder(anchors->tree, anchors_delfunc, NULL);
149 	free(anchors->tree);
150 	autr_global_delete(anchors->autr);
151 	free(anchors);
155 anchors_init_parents_locked(struct val_anchors* anchors)
161 	RBTREE_FOR(node, struct trust_anchor*, anchors->tree) {
189 init_parents(struct val_anchors* anchors)
191 	lock_basic_lock(&anchors->lock);
192 	anchors_init_parents_locked(anchors);
193 	lock_basic_unlock(&anchors->lock);
197 anchor_find(struct val_anchors* anchors, uint8_t* name, int namelabs,
208 	lock_basic_lock(&anchors->lock);
209 	n = rbtree_search(anchors->tree, &key);
213 	lock_basic_unlock(&anchors->lock);
221 anchor_new_ta(struct val_anchors* anchors, uint8_t* name, int namelabs,
243 		lock_basic_lock(&anchors->lock);
250 	rbtree_insert(anchors->tree, &ta->node);
252 		lock_basic_unlock(&anchors->lock);
294  * @param anchors: anchor storage.
304 anchor_store_new_key(struct val_anchors* anchors, uint8_t* name, uint16_t type,
317 	ta = anchor_find(anchors, name, namelabs, namelen, dclass);
319 		ta = anchor_new_ta(anchors, name, namelabs, namelen, dclass, 1);
350  * @param anchors: anchor storage.
357 anchor_store_new_rr(struct val_anchors* anchors, uint8_t* rr, size_t rl,
361 	if(!(ta=anchor_store_new_key(anchors, rr,
376  * @param anchors: anchor storage.
381 anchor_insert_insecure(struct val_anchors* anchors, const char* str)
390 	ta = anchor_store_new_key(anchors, nm, LDNS_RR_TYPE_DS,
397 anchor_store_str(struct val_anchors* anchors, sldns_buffer* buffer,
411 	if(!(ta=anchor_store_new_rr(anchors, rr, len, dname_len))) {
419  * Read a file with trust anchors
420  * @param anchors: anchor storage.
427 anchor_read_file(struct val_anchors* anchors, sldns_buffer* buffer,
462 		if(!(tanew=anchor_store_new_rr(anchors, rr, len, dname_len))) {
479 	/* empty file is OK when multiple anchors are allowed */
629  * @param anchors: where to store keys
636 process_bind_contents(struct val_anchors* anchors, sldns_buffer* buf, 
688 			if(!anchor_store_str(anchors, buf, str)) {
727  * Read a BIND9 like file with trust anchors in named.conf format.
728  * @param anchors: anchor storage.
734 anchor_read_bind_file(struct val_anchors* anchors, sldns_buffer* buffer,
760 		if(!process_bind_contents(anchors, buffer, &line_nr, in)) {
777  * Read a BIND9 like files with trust anchors in named.conf format.
779  * @param anchors: anchor storage.
785 anchor_read_bind_file_wild(struct val_anchors* anchors, sldns_buffer* buffer,
794 		return anchor_read_bind_file(anchors, buffer, pat);
834 		if(!anchor_read_bind_file(anchors, buffer, g.gl_pathv[i])) {
844 	return anchor_read_bind_file(anchors, buffer, pat);
950  * @return number of DS anchors with unsupported algorithms.
967  * @return number of DNSKEY anchors with unsupported algorithms.
981  * Assemble the rrsets in the anchors, ready for use by validator.
982  * @param anchors: trust anchor storage.
986 anchors_assemble_rrsets(struct val_anchors* anchors)
991 	lock_basic_lock(&anchors->lock);
992 	ta=(struct trust_anchor*)rbtree_first(anchors->tree);
1004 			lock_basic_unlock(&anchors->lock);
1031 			(void)rbtree_delete(anchors->tree, &ta->node);
1040 	lock_basic_unlock(&anchors->lock);
1045 anchors_apply_cfg(struct val_anchors* anchors, struct config_file* cfg)
1053 			if(!anchor_insert_insecure(anchors, *zstr)) {
1063 		if(!anchor_insert_insecure(anchors, f->str)) {
1076 		if(!anchor_read_file(anchors, parsebuf, nm, 0)) {
1089 		if(!anchor_read_bind_file_wild(anchors, parsebuf, nm)) {
1098 		if(!anchor_store_str(anchors, parsebuf, f->str)) {
1110 		if(!(dlva = anchor_read_file(anchors, parsebuf,
1117 		lock_basic_lock(&anchors->lock);
1118 		anchors->dlv_anchor = dlva;
1119 		lock_basic_unlock(&anchors->lock);
1126 			anchors, parsebuf, f->str))) {
1131 		lock_basic_lock(&anchors->lock);
1132 		anchors->dlv_anchor = dlva;
1133 		lock_basic_unlock(&anchors->lock);
1135 	/* do autr last, so that it sees what anchors are filled by other
1144 		if(!autr_read_file(anchors, nm)) {
1151 	/* first assemble, since it may delete useless anchors */
1152 	anchors_assemble_rrsets(anchors);
1153 	init_parents(anchors);
1155 	if(verbosity >= VERB_ALGO) autr_debug_print(anchors);
1160 anchors_lookup(struct val_anchors* anchors,
1171 	lock_basic_lock(&anchors->lock);
1172 	if(rbtree_find_less_equal(anchors->tree, &key, &res)) {
1180 			lock_basic_unlock(&anchors->lock);
1195 	lock_basic_unlock(&anchors->lock);
1200 anchors_get_mem(struct val_anchors* anchors)
1203 	size_t s = sizeof(*anchors);
1204 	if(!anchors)
1206 	RBTREE_FOR(ta, struct trust_anchor*, anchors->tree) {
1214 anchors_add_insecure(struct val_anchors* anchors, uint16_t c, uint8_t* nm)
1221 	lock_basic_lock(&anchors->lock);
1222 	if(rbtree_search(anchors->tree, &key)) {
1223 		lock_basic_unlock(&anchors->lock);
1227 	if(!anchor_new_ta(anchors, nm, key.namelabs, key.namelen, c, 0)) {
1229 		lock_basic_unlock(&anchors->lock);
1233 	anchors_init_parents_locked(anchors);
1234 	lock_basic_unlock(&anchors->lock);
1239 anchors_delete_insecure(struct val_anchors* anchors, uint16_t c,
1248 	lock_basic_lock(&anchors->lock);
1249 	if(!(ta=(struct trust_anchor*)rbtree_search(anchors->tree, &key))) {
1250 		lock_basic_unlock(&anchors->lock);
1258 		lock_basic_unlock(&anchors->lock);
1265 	(void)rbtree_delete(anchors->tree, &ta->node);
1266 	anchors_init_parents_locked(anchors);
1267 	lock_basic_unlock(&anchors->lock);

Indexes created Wed Jul 03 21:38:27 MDT 2024