#include <isc/lang.h>
#include <isc/magic.h>
#include <isc/refcount.h>
#include <isc/rwlock.h>
#include <isc/stdtime.h>
#include <dns/types.h>
#include <dst/dst.h>
Go to the source code of this file.
Data Structures | |
struct | dns_keytable |
struct | dns_keynode |
Defines | |
#define | DNS_KEYTABLE_H 1 |
#define | KEYTABLE_MAGIC ISC_MAGIC('K', 'T', 'b', 'l') |
#define | VALID_KEYTABLE(kt) ISC_MAGIC_VALID(kt, KEYTABLE_MAGIC) |
#define | KEYNODE_MAGIC ISC_MAGIC('K', 'N', 'o', 'd') |
#define | VALID_KEYNODE(kn) ISC_MAGIC_VALID(kn, KEYNODE_MAGIC) |
Functions | |
isc_result_t | dns_keytable_create (isc_mem_t *mctx, dns_keytable_t **keytablep) |
Create a keytable. | |
void | dns_keytable_attach (dns_keytable_t *source, dns_keytable_t **targetp) |
Attach *targetp to source. | |
void | dns_keytable_detach (dns_keytable_t **keytablep) |
Detach *keytablep from its keytable. | |
isc_result_t | dns_keytable_add (dns_keytable_t *keytable, isc_boolean_t managed, dst_key_t **keyp) |
Add '*keyp' to 'keytable' (using the name in '*keyp'). The value of keynode->managed is set to 'managed'. | |
isc_result_t | dns_keytable_marksecure (dns_keytable_t *keytable, dns_name_t *name) |
Add a null key to 'keytable' for name 'name'. This marks the name as a secure domain, but doesn't supply any key data to allow the domain to be validated. (Used when automated trust anchor management has gotten broken by a zone misconfiguration; for example, when the active key has been revoked but the stand-by key was still in its 30-day waiting period for validity.). | |
isc_result_t | dns_keytable_delete (dns_keytable_t *keytable, dns_name_t *keyname) |
Delete node(s) from 'keytable' matching name 'keyname'. | |
isc_result_t | dns_keytable_deletekeynode (dns_keytable_t *keytable, dst_key_t *dstkey) |
Delete node(s) from 'keytable' containing copies of the key pointed to by 'dstkey'. | |
isc_result_t | dns_keytable_find (dns_keytable_t *keytable, dns_name_t *keyname, dns_keynode_t **keynodep) |
Search for the first instance of a key named 'name' in 'keytable', without regard to keyid and algorithm. Use dns_keytable_nextkeynode() to find subsequent instances. | |
isc_result_t | dns_keytable_nextkeynode (dns_keytable_t *keytable, dns_keynode_t *keynode, dns_keynode_t **nextnodep) |
Return for the next key after 'keynode' in 'keytable', without regard to keyid and algorithm. | |
isc_result_t | dns_keytable_findkeynode (dns_keytable_t *keytable, dns_name_t *name, dns_secalg_t algorithm, dns_keytag_t tag, dns_keynode_t **keynodep) |
Search for a key named 'name', matching 'algorithm' and 'tag' in 'keytable'. This finds the first instance which matches. Use dns_keytable_findnextkeynode() to find other instances. | |
isc_result_t | dns_keytable_findnextkeynode (dns_keytable_t *keytable, dns_keynode_t *keynode, dns_keynode_t **nextnodep) |
Search for the next key with the same properties as 'keynode' in 'keytable' as found by dns_keytable_findkeynode(). | |
isc_result_t | dns_keytable_finddeepestmatch (dns_keytable_t *keytable, dns_name_t *name, dns_name_t *foundname) |
Search for the deepest match of 'name' in 'keytable'. | |
void | dns_keytable_attachkeynode (dns_keytable_t *keytable, dns_keynode_t *source, dns_keynode_t **target) |
Attach a keynode and and increment the active_nodes counter in a corresponding keytable. | |
void | dns_keytable_detachkeynode (dns_keytable_t *keytable, dns_keynode_t **keynodep) |
Give back a keynode found via dns_keytable_findkeynode(). | |
isc_result_t | dns_keytable_issecuredomain (dns_keytable_t *keytable, dns_name_t *name, dns_name_t *foundname, isc_boolean_t *wantdnssecp) |
Is 'name' at or beneath a trusted key? | |
isc_result_t | dns_keytable_dump (dns_keytable_t *keytable, FILE *fp) |
Dump the keytable on fp. | |
isc_result_t | dns_keytable_totext (dns_keytable_t *keytable, isc_buffer_t **buf) |
Dump the keytable to buffer at 'buf'. | |
dst_key_t * | dns_keynode_key (dns_keynode_t *keynode) |
Get the DST key associated with keynode. | |
isc_boolean_t | dns_keynode_managed (dns_keynode_t *keynode) |
Is this flagged as a managed key? | |
isc_result_t | dns_keynode_create (isc_mem_t *mctx, dns_keynode_t **target) |
Allocate space for a keynode. | |
void | dns_keynode_attach (dns_keynode_t *source, dns_keynode_t **target) |
Attach keynode 'source' to '*target'. | |
void | dns_keynode_detach (isc_mem_t *mctx, dns_keynode_t **target) |
Detach a single keynode, without touching any keynodes that may be pointed to by its 'next' pointer. | |
void | dns_keynode_detachall (isc_mem_t *mctx, dns_keynode_t **target) |
Detach a keynode and all its succesors. |
MP:
Definition in file keytable.h.
#define DNS_KEYTABLE_H 1 |
Definition at line 21 of file keytable.h.
#define KEYTABLE_MAGIC ISC_MAGIC('K', 'T', 'b', 'l') |
#define VALID_KEYTABLE | ( | kt | ) | ISC_MAGIC_VALID(kt, KEYTABLE_MAGIC) |
Definition at line 70 of file keytable.h.
Referenced by dns_keytable_attach(), dns_keytable_attachkeynode(), dns_keytable_delete(), dns_keytable_deletekeynode(), dns_keytable_detach(), dns_keytable_detachkeynode(), dns_keytable_dump(), dns_keytable_find(), dns_keytable_finddeepestmatch(), dns_keytable_findkeynode(), dns_keytable_findnextkeynode(), dns_keytable_issecuredomain(), dns_keytable_nextkeynode(), dns_keytable_totext(), and insert().
#define KEYNODE_MAGIC ISC_MAGIC('K', 'N', 'o', 'd') |
#define VALID_KEYNODE | ( | kn | ) | ISC_MAGIC_VALID(kn, KEYNODE_MAGIC) |
Definition at line 81 of file keytable.h.
Referenced by dns_keynode_attach(), dns_keynode_detach(), dns_keynode_detachall(), dns_keynode_key(), dns_keynode_managed(), dns_keytable_attachkeynode(), dns_keytable_detachkeynode(), dns_keytable_findnextkeynode(), and dns_keytable_nextkeynode().
isc_result_t dns_keytable_create | ( | isc_mem_t * | mctx, | |
dns_keytable_t ** | keytablep | |||
) |
Create a keytable.
Requires:
Definition at line 44 of file keytable.c.
References dns_keytable::active_nodes, DESTROYLOCK, dns_rbt_create(), dns_rbt_destroy(), free_keynode(), isc_mem_attach(), isc_mem_get, isc_mem_putanddetach, isc_mutex_init, ISC_R_NOMEMORY, ISC_R_SUCCESS, isc_rwlock_init(), KEYTABLE_MAGIC, dns_keytable::lock, dns_keytable::magic, dns_keytable::mctx, dns_keytable::references, REQUIRE, dns_keytable::rwlock, and dns_keytable::table.
Referenced by dns_view_initsecroots().
void dns_keytable_attach | ( | dns_keytable_t * | source, | |
dns_keytable_t ** | targetp | |||
) |
Attach *targetp to source.
Requires:
Definition at line 93 of file keytable.c.
References INSIST, isc_rwlocktype_write, dns_keytable::references, REQUIRE, dns_keytable::rwlock, RWLOCK, RWUNLOCK, and VALID_KEYTABLE.
Referenced by dns_view_getsecroots().
void dns_keytable_detach | ( | dns_keytable_t ** | keytablep | ) |
Detach *keytablep from its keytable.
Requires:
Definition at line 114 of file keytable.c.
References dns_keytable::active_nodes, destroy(), DESTROYLOCK, dns_rbt_destroy(), INSIST, ISC_FALSE, isc_mem_putanddetach, isc_rwlock_destroy(), isc_rwlocktype_write, ISC_TRUE, dns_keytable::lock, LOCK, dns_keytable::magic, dns_keytable::mctx, dns_keytable::references, REQUIRE, dns_keytable::rwlock, RWLOCK, RWUNLOCK, dns_keytable::table, UNLOCK, and VALID_KEYTABLE.
Referenced by destroy(), dns_client_addtrustedkey(), dns_view_initsecroots(), dns_view_untrust(), fail_secure(), keyfetch_done(), load_secroots(), load_view_keys(), ns_server_dumpsecroots(), sync_keyzone(), and trust_key().
isc_result_t dns_keytable_add | ( | dns_keytable_t * | keytable, | |
isc_boolean_t | managed, | |||
dst_key_t ** | keyp | |||
) |
Add '*keyp' to 'keytable' (using the name in '*keyp'). The value of keynode->managed is set to 'managed'.
Notes:
Definition at line 216 of file keytable.c.
References dst_key_name(), insert(), and REQUIRE.
Referenced by dns_client_addtrustedkey(), load_view_keys(), and trust_key().
isc_result_t dns_keytable_marksecure | ( | dns_keytable_t * | keytable, | |
dns_name_t * | name | |||
) |
Add a null key to 'keytable' for name 'name'. This marks the name as a secure domain, but doesn't supply any key data to allow the domain to be validated. (Used when automated trust anchor management has gotten broken by a zone misconfiguration; for example, when the active key has been revoked but the stand-by key was still in its 30-day waiting period for validity.).
Notes:
Definition at line 224 of file keytable.c.
References insert(), and ISC_TRUE.
Referenced by fail_secure().
isc_result_t dns_keytable_delete | ( | dns_keytable_t * | keytable, | |
dns_name_t * | keyname | |||
) |
Delete node(s) from 'keytable' matching name 'keyname'.
Requires:
Definition at line 229 of file keytable.c.
References dns_rbtnode::data, DNS_R_PARTIALMATCH, dns_rbt_deletenode(), dns_rbt_findnode(), DNS_RBTFIND_NOOPTIONS, ISC_FALSE, ISC_R_NOTFOUND, ISC_R_SUCCESS, isc_rwlocktype_write, REQUIRE, dns_keytable::rwlock, RWLOCK, RWUNLOCK, dns_keytable::table, and VALID_KEYTABLE.
Referenced by load_secroots().
isc_result_t dns_keytable_deletekeynode | ( | dns_keytable_t * | keytable, | |
dst_key_t * | dstkey | |||
) |
Delete node(s) from 'keytable' containing copies of the key pointed to by 'dstkey'.
Requires:
Definition at line 253 of file keytable.c.
References dns_rbtnode::data, dns_keynode_detach(), DNS_R_PARTIALMATCH, dns_rbt_deletenode(), dns_rbt_findnode(), DNS_RBTFIND_NOOPTIONS, dst_key_compare(), dst_key_free(), dst_key_name(), finish, ISC_FALSE, ISC_R_NOTFOUND, ISC_R_SUCCESS, isc_rwlocktype_write, ISC_TRUE, dns_keynode::key, dns_keytable::mctx, dns_keynode::next, REQUIRE, dns_keytable::rwlock, RWLOCK, RWUNLOCK, dns_keytable::table, and VALID_KEYTABLE.
Referenced by dns_view_untrust().
isc_result_t dns_keytable_find | ( | dns_keytable_t * | keytable, | |
dns_name_t * | keyname, | |||
dns_keynode_t ** | keynodep | |||
) |
Search for the first instance of a key named 'name' in 'keytable', without regard to keyid and algorithm. Use dns_keytable_nextkeynode() to find subsequent instances.
Requires:
Definition at line 316 of file keytable.c.
References dns_keytable::active_nodes, dns_rbtnode::data, dns_keynode_attach(), DNS_R_PARTIALMATCH, dns_rbt_findnode(), DNS_RBTFIND_NOOPTIONS, ISC_R_NOTFOUND, ISC_R_SUCCESS, isc_rwlocktype_read, dns_keytable::lock, LOCK, REQUIRE, dns_keytable::rwlock, RWLOCK, RWUNLOCK, dns_keytable::table, UNLOCK, and VALID_KEYTABLE.
Referenced by keyfetch_done(), and sync_keyzone().
isc_result_t dns_keytable_nextkeynode | ( | dns_keytable_t * | keytable, | |
dns_keynode_t * | keynode, | |||
dns_keynode_t ** | nextnodep | |||
) |
Return for the next key after 'keynode' in 'keytable', without regard to keyid and algorithm.
Requires:
Definition at line 345 of file keytable.c.
References dns_keytable::active_nodes, dns_keynode_attach(), ISC_R_NOTFOUND, ISC_R_SUCCESS, dns_keytable::lock, LOCK, dns_keynode::next, REQUIRE, UNLOCK, VALID_KEYNODE, and VALID_KEYTABLE.
Referenced by create_keydata(), and keyfetch_done().
isc_result_t dns_keytable_findkeynode | ( | dns_keytable_t * | keytable, | |
dns_name_t * | name, | |||
dns_secalg_t | algorithm, | |||
dns_keytag_t | tag, | |||
dns_keynode_t ** | keynodep | |||
) |
Search for a key named 'name', matching 'algorithm' and 'tag' in 'keytable'. This finds the first instance which matches. Use dns_keytable_findnextkeynode() to find other instances.
Requires:
Definition at line 369 of file keytable.c.
References dns_keytable::active_nodes, dns_keynode_attach(), dns_name_isabsolute(), DNS_R_PARTIALMATCH, dns_rbt_findname(), dst_key_alg(), dst_key_id(), INSIST, ISC_R_NOTFOUND, ISC_R_SUCCESS, isc_rwlocktype_read, dns_keynode::key, dns_keytable::lock, LOCK, dns_keynode::next, REQUIRE, dns_keytable::rwlock, RWLOCK, RWUNLOCK, dns_keytable::table, UNLOCK, and VALID_KEYTABLE.
Referenced by validatezonekey().
isc_result_t dns_keytable_findnextkeynode | ( | dns_keytable_t * | keytable, | |
dns_keynode_t * | keynode, | |||
dns_keynode_t ** | nextnodep | |||
) |
Search for the next key with the same properties as 'keynode' in 'keytable' as found by dns_keytable_findkeynode().
Requires:
Definition at line 426 of file keytable.c.
References dns_keytable::active_nodes, dns_keynode_attach(), dst_key_alg(), dst_key_id(), ISC_R_NOTFOUND, ISC_R_SUCCESS, dns_keynode::key, dns_keytable::lock, LOCK, dns_keynode::next, REQUIRE, UNLOCK, VALID_KEYNODE, and VALID_KEYTABLE.
Referenced by validate(), and validatezonekey().
isc_result_t dns_keytable_finddeepestmatch | ( | dns_keytable_t * | keytable, | |
dns_name_t * | name, | |||
dns_name_t * | foundname | |||
) |
Search for the deepest match of 'name' in 'keytable'.
Requires:
Definition at line 463 of file keytable.c.
References dns_name_isabsolute(), DNS_R_PARTIALMATCH, dns_rbt_findname(), ISC_R_SUCCESS, isc_rwlocktype_read, REQUIRE, dns_keytable::rwlock, RWLOCK, RWUNLOCK, dns_keytable::table, and VALID_KEYTABLE.
Referenced by proveunsecure(), and validatezonekey().
void dns_keytable_attachkeynode | ( | dns_keytable_t * | keytable, | |
dns_keynode_t * | source, | |||
dns_keynode_t ** | target | |||
) |
Attach a keynode and and increment the active_nodes counter in a corresponding keytable.
Requires:
Definition at line 491 of file keytable.c.
References dns_keytable::active_nodes, dns_keynode_attach(), dns_keytable::lock, LOCK, REQUIRE, UNLOCK, VALID_KEYNODE, and VALID_KEYTABLE.
Referenced by sync_keyzone().
void dns_keytable_detachkeynode | ( | dns_keytable_t * | keytable, | |
dns_keynode_t ** | keynodep | |||
) |
Give back a keynode found via dns_keytable_findkeynode().
Requires:
Definition at line 510 of file keytable.c.
References dns_keytable::active_nodes, dns_keynode_detach(), INSIST, dns_keytable::lock, LOCK, dns_keytable::mctx, REQUIRE, UNLOCK, VALID_KEYNODE, and VALID_KEYTABLE.
Referenced by create_keydata(), destroy(), keyfetch_done(), sync_keyzone(), validate(), and validatezonekey().
isc_result_t dns_keytable_issecuredomain | ( | dns_keytable_t * | keytable, | |
dns_name_t * | name, | |||
dns_name_t * | foundname, | |||
isc_boolean_t * | wantdnssecp | |||
) |
Is 'name' at or beneath a trusted key?
Requires:
Definition at line 528 of file keytable.c.
References dns_rbtnode::data, dns_name_isabsolute(), DNS_R_PARTIALMATCH, dns_rbt_findnode(), DNS_RBTFIND_NOOPTIONS, INSIST, ISC_FALSE, ISC_R_NOTFOUND, ISC_R_SUCCESS, isc_rwlocktype_read, ISC_TRUE, REQUIRE, dns_keytable::rwlock, RWLOCK, RWUNLOCK, dns_keytable::table, and VALID_KEYTABLE.
Referenced by dns_view_issecuredomain().
isc_result_t dns_keytable_dump | ( | dns_keytable_t * | keytable, | |
FILE * | fp | |||
) |
Dump the keytable on fp.
Definition at line 573 of file keytable.c.
References dns_keytable_totext(), isc_buffer_allocate(), isc_buffer_base, isc_buffer_free(), isc_buffer_usedlength, ISC_R_SUCCESS, isc_result_totext(), dns_keytable::mctx, putstr(), REQUIRE, text, and VALID_KEYTABLE.
isc_result_t dns_keytable_totext | ( | dns_keytable_t * | keytable, | |
isc_buffer_t ** | buf | |||
) |
Dump the keytable to buffer at 'buf'.
Definition at line 603 of file keytable.c.
References cleanup(), dns_rbtnode::data, DNS_NAME_FORMATSIZE, DNS_R_NEWORIGIN, dns_rbtnodechain_current(), dns_rbtnodechain_first(), dns_rbtnodechain_init(), dns_rbtnodechain_invalidate(), dns_rbtnodechain_next(), dst_key_format(), DST_KEY_FORMATSIZE, ISC_R_NOMORE, ISC_R_NOTFOUND, ISC_R_SUCCESS, isc_rwlocktype_read, dns_keynode::key, dns_keynode::managed, dns_keytable::mctx, dns_keynode::next, putstr(), REQUIRE, dns_keytable::rwlock, RWLOCK, RWUNLOCK, dns_keytable::table, and VALID_KEYTABLE.
Referenced by dns_keytable_dump(), and ns_server_dumpsecroots().
dst_key_t* dns_keynode_key | ( | dns_keynode_t * | keynode | ) |
Get the DST key associated with keynode.
Definition at line 650 of file keytable.c.
References dns_keynode::key, REQUIRE, and VALID_KEYNODE.
Referenced by create_keydata(), keyfetch_done(), sync_keyzone(), validate(), and validatezonekey().
isc_boolean_t dns_keynode_managed | ( | dns_keynode_t * | keynode | ) |
Is this flagged as a managed key?
Definition at line 662 of file keytable.c.
References dns_keynode::managed, REQUIRE, and VALID_KEYNODE.
Referenced by sync_keyzone().
isc_result_t dns_keynode_create | ( | isc_mem_t * | mctx, | |
dns_keynode_t ** | target | |||
) |
Allocate space for a keynode.
Definition at line 672 of file keytable.c.
References ISC_FALSE, isc_mem_get, ISC_R_NOMEMORY, ISC_R_SUCCESS, isc_refcount_init(), dns_keynode::key, KEYNODE_MAGIC, dns_keynode::magic, dns_keynode::managed, dns_keynode::next, dns_keynode::refcount, and REQUIRE.
Referenced by insert().
void dns_keynode_attach | ( | dns_keynode_t * | source, | |
dns_keynode_t ** | target | |||
) |
Attach keynode 'source' to '*target'.
Definition at line 696 of file keytable.c.
References isc_refcount_increment, dns_keynode::refcount, REQUIRE, and VALID_KEYNODE.
Referenced by dns_keytable_attachkeynode(), dns_keytable_find(), dns_keytable_findkeynode(), dns_keytable_findnextkeynode(), and dns_keytable_nextkeynode().
void dns_keynode_detach | ( | isc_mem_t * | mctx, | |
dns_keynode_t ** | target | |||
) |
Detach a single keynode, without touching any keynodes that may be pointed to by its 'next' pointer.
Definition at line 703 of file keytable.c.
References dst_key_free(), isc_mem_put, isc_refcount_decrement, isc_refcount_destroy, dns_keynode::key, dns_keynode::refcount, REQUIRE, and VALID_KEYNODE.
Referenced by dns_keynode_detachall(), dns_keytable_deletekeynode(), dns_keytable_detachkeynode(), and insert().
void dns_keynode_detachall | ( | isc_mem_t * | mctx, | |
dns_keynode_t ** | target | |||
) |
Detach a keynode and all its succesors.
Definition at line 718 of file keytable.c.
References dns_keynode_detach(), dns_keynode::next, REQUIRE, and VALID_KEYNODE.
Referenced by free_keynode().