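/*
 * Copyright (C) 2014, 2015  Internet Systems Consortium, Inc. ("ISC")
 *
 * Permission to use, copy, modify, and/or distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
 * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
 * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
 * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
 * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
 * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 * PERFORMANCE OF THIS SOFTWARE.
 */

#ifndef DNS_NTA_H
#define DNS_NTA_H 1

/*****
 ***** Module Info
 *****/

/*! \file
 * \brief
 * The NTA module provides services for storing and retrieving negative
 * trust anchors, and for determining whether a given domain is subject to
 * DNSSEC validation.
 */

/*
 * <stdio.h> is included explicitly because dns_ntatable_dump() and
 * dns_ntatable_save() take a FILE *; the header should not rely on
 * getting it transitively from another include.
 */
#include <stdio.h>

#include <isc/buffer.h>
#include <isc/lang.h>
#include <isc/magic.h>
#include <isc/refcount.h>
#include <isc/rwlock.h>
#include <isc/stdtime.h>
#include <isc/task.h>
#include <isc/timer.h>

#include <dns/types.h>
#include <dns/rdataset.h>
#include <dns/resolver.h>
#include <dns/view.h>

ISC_LANG_BEGINDECLS

/*
 * A per-view table of negative trust anchors (NTAs).  Fields above the
 * "Locked by rwlock" marker are set at creation time and read without
 * locking; the fields below it are protected by 'rwlock'.
 */
struct dns_ntatable {
	/* Unlocked. */
	unsigned int		magic;		/* NTATABLE_MAGIC */
	dns_view_t		*view;		/* owning view */
	isc_rwlock_t		rwlock;
	/*
	 * NOTE(review): presumably the interval at which non-forced NTAs
	 * are re-checked (see dns_ntatable_add()) -- confirm in nta.c.
	 */
	isc_uint32_t		recheck;
	isc_taskmgr_t		*taskmgr;
	isc_timermgr_t		*timermgr;
	isc_task_t		*task;
	/* Locked by rwlock. */
	isc_uint32_t		references;
	dns_rbt_t		*table;		/* the NTA entries themselves */
};

#define NTATABLE_MAGIC		ISC_MAGIC('N', 'T', 'A', 't')
#define VALID_NTATABLE(nt)	ISC_MAGIC_VALID(nt, NTATABLE_MAGIC)

isc_result_t
dns_ntatable_create(dns_view_t *view,
		    isc_taskmgr_t *taskmgr, isc_timermgr_t *timermgr,
		    dns_ntatable_t **ntatablep);
/*%<
 * Create an NTA table in view 'view'.
 *
 * Requires:
 *
 *\li	'view' is a valid view.
 *
 *\li	'timermgr' is a valid timer manager.
 *
 *\li	ntatablep != NULL && *ntatablep == NULL
 *
 * Ensures:
 *
 *\li	On success, *ntatablep is a valid, empty NTA table.
 *
 * Returns:
 *
 *\li	ISC_R_SUCCESS
 *\li	Any other result indicates failure.
 */

void
dns_ntatable_attach(dns_ntatable_t *source, dns_ntatable_t **targetp);
/*%<
 * Attach *targetp to source.
 *
 * Requires:
 *
 *\li	'source' is a valid ntatable.
 *
 *\li	'targetp' points to a NULL dns_ntatable_t *.
 *
 * Ensures:
 *
 *\li	*targetp is attached to source.
 */

void
dns_ntatable_detach(dns_ntatable_t **ntatablep);
/*%<
 * Detach *ntatablep from its ntatable.
 *
 * Requires:
 *
 *\li	'ntatablep' points to a valid ntatable.
 *
 * Ensures:
 *
 *\li	*ntatablep is NULL.
 *
 *\li	If '*ntatablep' is the last reference to the ntatable,
 *	all resources used by the ntatable will be freed.
 */

isc_result_t
dns_ntatable_add(dns_ntatable_t *ntatable, dns_name_t *name,
		 isc_boolean_t force, isc_stdtime_t now,
		 isc_uint32_t lifetime);
/*%<
 * Add a negative trust anchor to 'ntatable' for name 'name',
 * which will expire at time 'now' + 'lifetime'.  If 'force' is ISC_FALSE,
 * then the name will be checked periodically to see if it's bogus;
 * if not, then the NTA will be allowed to expire early.
 *
 * Notes:
 *
 *\li	If an NTA already exists in the table, its expiry time
 *	is updated.
 *
 *\li	While the NTA is present and unexpired, names at or below
 *	'name' are reported as covered by dns_ntatable_covered(), i.e.
 *	they are exempt from DNSSEC validation in this view.
 *
 * Requires:
 *
 *\li	'ntatable' points to a valid ntatable.
 *
 *\li	'name' points to a valid name.
 *
 * Returns:
 *
 *\li	ISC_R_SUCCESS
 *
 *\li	Any other result indicates failure.
 */

isc_result_t
dns_ntatable_delete(dns_ntatable_t *ntatable, dns_name_t *keyname);
/*%<
 * Delete node(s) from 'ntatable' matching name 'keyname'.
 *
 * Requires:
 *
 *\li	'ntatable' points to a valid ntatable.
 *
 *\li	'keyname' is not NULL.
 *
 * Returns:
 *
 *\li	ISC_R_SUCCESS
 *
 *\li	Any other result indicates failure.
 */

isc_boolean_t
dns_ntatable_covered(dns_ntatable_t *ntatable, isc_stdtime_t now,
		     dns_name_t *name, dns_name_t *anchor);
/*%<
 * Return ISC_TRUE if 'name' is below a non-expired negative trust
 * anchor which in turn is at or below 'anchor'.  Expiry is judged
 * against 'now'.
 *
 * If 'ntatable' has not been initialized, return ISC_FALSE.
 *
 * Requires:
 *
 *\li	'ntatable' is NULL or is a valid ntatable.
 *
 *\li	'name' is a valid absolute name.
 */

isc_result_t
dns_ntatable_totext(dns_ntatable_t *ntatable, isc_buffer_t **buf);
/*%<
 * Dump the NTA table to buffer at 'buf'.
 *
 * Requires:
 * \li	"ntatable" is a valid table.
 *
 * \li	"*buf" is a valid buffer.
 */

isc_result_t
dns_ntatable_dump(dns_ntatable_t *ntatable, FILE *fp);
/*%<
 * Dump the NTA table to the file opened as 'fp'.
 */

isc_result_t
dns_ntatable_save(dns_ntatable_t *ntatable, FILE *fp);
/*%<
 * Save the NTA table to the file opened as 'fp', for later loading.
 */

ISC_LANG_ENDDECLS

#endif /* DNS_NTA_H */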