keytable.c File Reference

#include <config.h>
#include <isc/mem.h>
#include <isc/print.h>
#include <isc/rwlock.h>
#include <isc/string.h>
#include <isc/util.h>
#include <dns/keytable.h>
#include <dns/fixedname.h>
#include <dns/rbt.h>
#include <dns/result.h>


Functions

static void free_keynode (void *node, void *arg)
isc_result_t dns_keytable_create (isc_mem_t *mctx, dns_keytable_t **keytablep)
 Create a keytable.
void dns_keytable_attach (dns_keytable_t *source, dns_keytable_t **targetp)
 Attach *targetp to source.
void dns_keytable_detach (dns_keytable_t **keytablep)
 Detach *keytablep from its keytable.
static isc_result_t insert (dns_keytable_t *keytable, isc_boolean_t managed, dns_name_t *keyname, dst_key_t **keyp)
isc_result_t dns_keytable_add (dns_keytable_t *keytable, isc_boolean_t managed, dst_key_t **keyp)
 Add '*keyp' to 'keytable' (using the name in '*keyp'). The value of keynode->managed is set to 'managed'.
isc_result_t dns_keytable_marksecure (dns_keytable_t *keytable, dns_name_t *name)
 Add a null key to 'keytable' for name 'name'. This marks the name as a secure domain, but doesn't supply any key data to allow the domain to be validated, so data at or beneath the name is expected to be DNSSEC-signed yet cannot actually be verified against this entry; the effect is fail-secure (validation fails) rather than a silent fallback to treating the zone as insecure. (Used when automated trust anchor management has gotten broken by a zone misconfiguration; for example, when the active key has been revoked but the stand-by key was still in its 30-day waiting period for validity.)
isc_result_t dns_keytable_delete (dns_keytable_t *keytable, dns_name_t *keyname)
 Delete node(s) from 'keytable' matching name 'keyname'.
isc_result_t dns_keytable_deletekeynode (dns_keytable_t *keytable, dst_key_t *dstkey)
 Delete node(s) from 'keytable' containing copies of the key pointed to by 'dstkey'.
isc_result_t dns_keytable_find (dns_keytable_t *keytable, dns_name_t *keyname, dns_keynode_t **keynodep)
 Search for the first instance of a key named 'keyname' in 'keytable', without regard to keyid and algorithm. Use dns_keytable_nextkeynode() to find subsequent instances.
isc_result_t dns_keytable_nextkeynode (dns_keytable_t *keytable, dns_keynode_t *keynode, dns_keynode_t **nextnodep)
 Return the next key after 'keynode' in 'keytable', without regard to keyid and algorithm.
isc_result_t dns_keytable_findkeynode (dns_keytable_t *keytable, dns_name_t *name, dns_secalg_t algorithm, dns_keytag_t tag, dns_keynode_t **keynodep)
 Search for a key named 'name', matching 'algorithm' and 'tag' in 'keytable'. This finds the first instance which matches. Use dns_keytable_findnextkeynode() to find other instances.
isc_result_t dns_keytable_findnextkeynode (dns_keytable_t *keytable, dns_keynode_t *keynode, dns_keynode_t **nextnodep)
 Search for the next key with the same properties as 'keynode' in 'keytable' as found by dns_keytable_findkeynode().
isc_result_t dns_keytable_finddeepestmatch (dns_keytable_t *keytable, dns_name_t *name, dns_name_t *foundname)
 Search for the deepest match of 'name' in 'keytable'.
void dns_keytable_attachkeynode (dns_keytable_t *keytable, dns_keynode_t *source, dns_keynode_t **target)
 Attach a keynode and increment the active_nodes counter in the corresponding keytable.
void dns_keytable_detachkeynode (dns_keytable_t *keytable, dns_keynode_t **keynodep)
 Give back a keynode found via dns_keytable_findkeynode().
isc_result_t dns_keytable_issecuredomain (dns_keytable_t *keytable, dns_name_t *name, dns_name_t *foundname, isc_boolean_t *wantdnssecp)
 Is 'name' at or beneath a trusted key?
static isc_result_t putstr (isc_buffer_t **b, const char *str)
isc_result_t dns_keytable_dump (dns_keytable_t *keytable, FILE *fp)
 Dump the keytable on fp.
isc_result_t dns_keytable_totext (dns_keytable_t *keytable, isc_buffer_t **text)
 Dump the keytable to the buffer at '*text'.
dst_key_t* dns_keynode_key (dns_keynode_t *keynode)
 Get the DST key associated with keynode.
isc_boolean_t dns_keynode_managed (dns_keynode_t *keynode)
 Is this flagged as a managed key?
isc_result_t dns_keynode_create (isc_mem_t *mctx, dns_keynode_t **target)
 Allocate space for a keynode.
void dns_keynode_attach (dns_keynode_t *source, dns_keynode_t **target)
 Attach keynode 'source' to '*target'.
void dns_keynode_detach (isc_mem_t *mctx, dns_keynode_t **keynode)
 Detach a single keynode, without touching any keynodes that may be pointed to by its 'next' pointer.
void dns_keynode_detachall (isc_mem_t *mctx, dns_keynode_t **keynode)
 Detach a keynode and all its successors.


Detailed Description

Definition in file keytable.c.


Function Documentation

static void free_keynode ( void *  node,
void *  arg 
) [static]

Definition at line 36 of file keytable.c.

References dns_keynode_detachall(), and mctx.

Referenced by dns_keytable_create().

isc_result_t dns_keytable_create ( isc_mem_t *  mctx,
dns_keytable_t **  keytablep 
)

Create a keytable.

Requires:

Ensures:

Returns:

Definition at line 44 of file keytable.c.

References dns_keytable::active_nodes, DESTROYLOCK, dns_rbt_create(), dns_rbt_destroy(), free_keynode(), isc_mem_attach(), isc_mem_get, isc_mem_putanddetach, isc_mutex_init, ISC_R_NOMEMORY, ISC_R_SUCCESS, isc_rwlock_init(), KEYTABLE_MAGIC, dns_keytable::lock, dns_keytable::magic, dns_keytable::mctx, dns_keytable::references, REQUIRE, dns_keytable::rwlock, and dns_keytable::table.

Referenced by dns_view_initsecroots().

void dns_keytable_attach ( dns_keytable_t *  source,
dns_keytable_t **  targetp 
)

Attach *targetp to source.

Requires:

Ensures:

Definition at line 93 of file keytable.c.

References INSIST, isc_rwlocktype_write, dns_keytable::references, REQUIRE, dns_keytable::rwlock, RWLOCK, RWUNLOCK, and VALID_KEYTABLE.

Referenced by dns_view_getsecroots().

void dns_keytable_detach ( dns_keytable_t **  keytablep  ) 

Detach *keytablep from its keytable.

Requires:

Ensures:

Definition at line 114 of file keytable.c.

References dns_keytable::active_nodes, destroy(), DESTROYLOCK, dns_rbt_destroy(), INSIST, ISC_FALSE, isc_mem_putanddetach, isc_rwlock_destroy(), isc_rwlocktype_write, ISC_TRUE, dns_keytable::lock, LOCK, dns_keytable::magic, dns_keytable::mctx, dns_keytable::references, REQUIRE, dns_keytable::rwlock, RWLOCK, RWUNLOCK, dns_keytable::table, UNLOCK, and VALID_KEYTABLE.

Referenced by destroy(), dns_client_addtrustedkey(), dns_view_initsecroots(), dns_view_untrust(), fail_secure(), keyfetch_done(), load_secroots(), load_view_keys(), ns_server_dumpsecroots(), sync_keyzone(), and trust_key().

static isc_result_t insert ( dns_keytable_t *  keytable,
isc_boolean_t  managed,
dns_name_t *  keyname,
dst_key_t **  keyp 
) [static]

Definition at line 150 of file keytable.c.

References dns_rbtnode::data, dns_keynode_create(), dns_keynode_detach(), dns_rbt_addnode(), dst_key_compare(), dst_key_free(), ISC_R_EXISTS, ISC_R_SUCCESS, isc_rwlocktype_write, ISC_TRUE, dns_keynode::key, dns_keynode::managed, dns_keytable::mctx, dns_keynode::next, REQUIRE, dns_keytable::rwlock, RWLOCK, RWUNLOCK, dns_keytable::table, and VALID_KEYTABLE.

Referenced by dns_keytable_add(), and dns_keytable_marksecure().

isc_result_t dns_keytable_add ( dns_keytable_t *  keytable,
isc_boolean_t  managed,
dst_key_t **  keyp 
)

Add '*keyp' to 'keytable' (using the name in '*keyp'). The value of keynode->managed is set to 'managed'. Note that 'keyp' is passed by double pointer and the underlying insert() references dst_key_free(), so callers should treat '*keyp' as consumed by this call (ownership passes to the keytable, or the key is freed if an identical key already exists); confirm the exact ownership contract against the source before relying on '*keyp' afterwards.

Notes:

Requires:

Ensures:

Returns:

Definition at line 216 of file keytable.c.

References dst_key_name(), insert(), and REQUIRE.

Referenced by dns_client_addtrustedkey(), load_view_keys(), and trust_key().

isc_result_t dns_keytable_marksecure ( dns_keytable_t *  keytable,
dns_name_t *  name 
)

Add a null key to 'keytable' for name 'name'. This marks the name as a secure domain, but doesn't supply any key data to allow the domain to be validated, so data at or beneath the name is expected to be DNSSEC-signed yet cannot actually be verified against this entry; the effect is fail-secure (validation fails) rather than a silent fallback to treating the zone as insecure. (Used when automated trust anchor management has gotten broken by a zone misconfiguration; for example, when the active key has been revoked but the stand-by key was still in its 30-day waiting period for validity.)

Notes:

Requires:

Returns:

Definition at line 224 of file keytable.c.

References insert(), and ISC_TRUE.

Referenced by fail_secure().

isc_result_t dns_keytable_delete ( dns_keytable_t *  keytable,
dns_name_t *  keyname 
)

Delete node(s) from 'keytable' matching name 'keyname'.

Requires:

Returns:

Definition at line 229 of file keytable.c.

References dns_rbtnode::data, DNS_R_PARTIALMATCH, dns_rbt_deletenode(), dns_rbt_findnode(), DNS_RBTFIND_NOOPTIONS, ISC_FALSE, ISC_R_NOTFOUND, ISC_R_SUCCESS, isc_rwlocktype_write, REQUIRE, dns_keytable::rwlock, RWLOCK, RWUNLOCK, dns_keytable::table, and VALID_KEYTABLE.

Referenced by load_secroots().

isc_result_t dns_keytable_deletekeynode ( dns_keytable_t *  keytable,
dst_key_t *  dstkey 
)

Delete node(s) from 'keytable' containing copies of the key pointed to by 'dstkey'.

Requires:

Returns:

Definition at line 253 of file keytable.c.

References dns_rbtnode::data, dns_keynode_detach(), DNS_R_PARTIALMATCH, dns_rbt_deletenode(), dns_rbt_findnode(), DNS_RBTFIND_NOOPTIONS, dst_key_compare(), dst_key_free(), dst_key_name(), finish, ISC_FALSE, ISC_R_NOTFOUND, ISC_R_SUCCESS, isc_rwlocktype_write, ISC_TRUE, dns_keynode::key, dns_keytable::mctx, dns_keynode::next, REQUIRE, dns_keytable::rwlock, RWLOCK, RWUNLOCK, dns_keytable::table, and VALID_KEYTABLE.

Referenced by dns_view_untrust().

isc_result_t dns_keytable_find ( dns_keytable_t *  keytable,
dns_name_t *  keyname,
dns_keynode_t **  keynodep 
)

Search for the first instance of a key named 'keyname' in 'keytable', without regard to keyid and algorithm. Use dns_keytable_nextkeynode() to find subsequent instances.

Requires:

Returns:

Definition at line 316 of file keytable.c.

References dns_keytable::active_nodes, dns_rbtnode::data, dns_keynode_attach(), DNS_R_PARTIALMATCH, dns_rbt_findnode(), DNS_RBTFIND_NOOPTIONS, ISC_R_NOTFOUND, ISC_R_SUCCESS, isc_rwlocktype_read, dns_keytable::lock, LOCK, REQUIRE, dns_keytable::rwlock, RWLOCK, RWUNLOCK, dns_keytable::table, UNLOCK, and VALID_KEYTABLE.

Referenced by keyfetch_done(), and sync_keyzone().

isc_result_t dns_keytable_nextkeynode ( dns_keytable_t *  keytable,
dns_keynode_t *  keynode,
dns_keynode_t **  nextnodep 
)

Return the next key after 'keynode' in 'keytable', without regard to keyid and algorithm.

Requires:

Returns:

Definition at line 345 of file keytable.c.

References dns_keytable::active_nodes, dns_keynode_attach(), ISC_R_NOTFOUND, ISC_R_SUCCESS, dns_keytable::lock, LOCK, dns_keynode::next, REQUIRE, UNLOCK, VALID_KEYNODE, and VALID_KEYTABLE.

Referenced by create_keydata(), and keyfetch_done().

isc_result_t dns_keytable_findkeynode ( dns_keytable_t *  keytable,
dns_name_t *  name,
dns_secalg_t  algorithm,
dns_keytag_t  tag,
dns_keynode_t **  keynodep 
)

Search for a key named 'name', matching 'algorithm' and 'tag' in 'keytable'. This finds the first instance which matches. Because a key tag is only a 16-bit checksum and is not unique, several distinct trust anchors can share the same name, algorithm and tag; validation code must therefore use dns_keytable_findnextkeynode() to try every other matching instance rather than stopping at the first.

Requires:

Returns:

Definition at line 369 of file keytable.c.

References dns_keytable::active_nodes, dns_keynode_attach(), dns_name_isabsolute(), DNS_R_PARTIALMATCH, dns_rbt_findname(), dst_key_alg(), dst_key_id(), INSIST, ISC_R_NOTFOUND, ISC_R_SUCCESS, isc_rwlocktype_read, dns_keynode::key, dns_keytable::lock, LOCK, dns_keynode::next, REQUIRE, dns_keytable::rwlock, RWLOCK, RWUNLOCK, dns_keytable::table, UNLOCK, and VALID_KEYTABLE.

Referenced by validatezonekey().

isc_result_t dns_keytable_findnextkeynode ( dns_keytable_t *  keytable,
dns_keynode_t *  keynode,
dns_keynode_t **  nextnodep 
)

Search for the next key with the same properties as 'keynode' in 'keytable' as found by dns_keytable_findkeynode().

Requires:

Returns:

Definition at line 426 of file keytable.c.

References dns_keytable::active_nodes, dns_keynode_attach(), dst_key_alg(), dst_key_id(), ISC_R_NOTFOUND, ISC_R_SUCCESS, dns_keynode::key, dns_keytable::lock, LOCK, dns_keynode::next, REQUIRE, UNLOCK, VALID_KEYNODE, and VALID_KEYTABLE.

Referenced by validate(), and validatezonekey().

isc_result_t dns_keytable_finddeepestmatch ( dns_keytable_t *  keytable,
dns_name_t *  name,
dns_name_t *  foundname 
)

Search for the deepest match of 'name' in 'keytable'.

Requires:

Returns:

Definition at line 463 of file keytable.c.

References dns_name_isabsolute(), DNS_R_PARTIALMATCH, dns_rbt_findname(), ISC_R_SUCCESS, isc_rwlocktype_read, REQUIRE, dns_keytable::rwlock, RWLOCK, RWUNLOCK, dns_keytable::table, and VALID_KEYTABLE.

Referenced by proveunsecure(), and validatezonekey().

void dns_keytable_attachkeynode ( dns_keytable_t *  keytable,
dns_keynode_t *  source,
dns_keynode_t **  target 
)

Attach a keynode and increment the active_nodes counter in the corresponding keytable.

Requires:

Definition at line 491 of file keytable.c.

References dns_keytable::active_nodes, dns_keynode_attach(), dns_keytable::lock, LOCK, REQUIRE, UNLOCK, VALID_KEYNODE, and VALID_KEYTABLE.

Referenced by sync_keyzone().

void dns_keytable_detachkeynode ( dns_keytable_t *  keytable,
dns_keynode_t **  keynodep 
)

Give back a keynode found via dns_keytable_findkeynode() (or via the other lookup functions that attach a keynode and increment active_nodes: dns_keytable_find(), dns_keytable_nextkeynode(), dns_keytable_findnextkeynode() and dns_keytable_attachkeynode()). Every keynode obtained from those calls must be returned here so the keytable's active_nodes counter is decremented and the node's reference can be released.

Requires:

Ensures:

Definition at line 510 of file keytable.c.

References dns_keytable::active_nodes, dns_keynode_detach(), INSIST, dns_keytable::lock, LOCK, dns_keytable::mctx, REQUIRE, UNLOCK, VALID_KEYNODE, and VALID_KEYTABLE.

Referenced by create_keydata(), destroy(), keyfetch_done(), sync_keyzone(), validate(), and validatezonekey().

isc_result_t dns_keytable_issecuredomain ( dns_keytable_t *  keytable,
dns_name_t *  name,
dns_name_t *  foundname,
isc_boolean_t *  wantdnssecp 
)

Is 'name' at or beneath a trusted key?

Requires:

Ensures:

Returns:

Definition at line 528 of file keytable.c.

References dns_rbtnode::data, dns_name_isabsolute(), DNS_R_PARTIALMATCH, dns_rbt_findnode(), DNS_RBTFIND_NOOPTIONS, INSIST, ISC_FALSE, ISC_R_NOTFOUND, ISC_R_SUCCESS, isc_rwlocktype_read, ISC_TRUE, REQUIRE, dns_keytable::rwlock, RWLOCK, RWUNLOCK, dns_keytable::table, and VALID_KEYTABLE.

Referenced by dns_view_issecuredomain().

static isc_result_t putstr ( isc_buffer_t **  b,
const char *  str 
) [static]

Definition at line 561 of file keytable.c.

References isc_buffer_putstr, isc_buffer_reserve(), and ISC_R_SUCCESS.

Referenced by dns_keytable_dump(), dns_keytable_totext(), dns_ntatable_dump(), dns_ntatable_totext(), do_addzone(), do_modzone(), inuse(), list_keynames(), mkey_dumpzone(), mkey_refresh(), mkey_status(), ns_server_delzone(), ns_server_dumpsecroots(), ns_server_freeze(), ns_server_mkeys(), ns_server_notifycommand(), ns_server_nta(), ns_server_refreshcommand(), ns_server_reloadcommand(), ns_server_showzone(), ns_server_signing(), ns_server_status(), ns_server_tsigdelete(), ns_server_tsiglist(), ns_server_validation(), ns_server_zonestatus(), and zone_from_args().

isc_result_t dns_keytable_dump ( dns_keytable_t *  keytable,
FILE *  fp 
)

Dump the keytable on fp.

Definition at line 573 of file keytable.c.

References dns_keytable_totext(), isc_buffer_allocate(), isc_buffer_base, isc_buffer_free(), isc_buffer_usedlength, ISC_R_SUCCESS, isc_result_totext(), dns_keytable::mctx, putstr(), REQUIRE, text, and VALID_KEYTABLE.

isc_result_t dns_keytable_totext ( dns_keytable_t *  keytable,
isc_buffer_t **  text 
)

Dump the keytable to the buffer at '*text'.

Definition at line 603 of file keytable.c.

References cleanup(), dns_rbtnode::data, DNS_NAME_FORMATSIZE, DNS_R_NEWORIGIN, dns_rbtnodechain_current(), dns_rbtnodechain_first(), dns_rbtnodechain_init(), dns_rbtnodechain_invalidate(), dns_rbtnodechain_next(), dst_key_format(), DST_KEY_FORMATSIZE, ISC_R_NOMORE, ISC_R_NOTFOUND, ISC_R_SUCCESS, isc_rwlocktype_read, dns_keynode::key, dns_keynode::managed, dns_keytable::mctx, dns_keynode::next, putstr(), REQUIRE, dns_keytable::rwlock, RWLOCK, RWUNLOCK, dns_keytable::table, and VALID_KEYTABLE.

Referenced by dns_keytable_dump(), and ns_server_dumpsecroots().

dst_key_t* dns_keynode_key ( dns_keynode_t *  keynode  ) 

Get the DST key associated with keynode.

Definition at line 650 of file keytable.c.

References dns_keynode::key, REQUIRE, and VALID_KEYNODE.

Referenced by create_keydata(), keyfetch_done(), sync_keyzone(), validate(), and validatezonekey().

isc_boolean_t dns_keynode_managed ( dns_keynode_t *  keynode  ) 

Is this flagged as a managed key?

Definition at line 662 of file keytable.c.

References dns_keynode::managed, REQUIRE, and VALID_KEYNODE.

Referenced by sync_keyzone().

isc_result_t dns_keynode_create ( isc_mem_t *  mctx,
dns_keynode_t **  target 
)

Allocate space for a keynode.

Definition at line 672 of file keytable.c.

References ISC_FALSE, isc_mem_get, ISC_R_NOMEMORY, ISC_R_SUCCESS, isc_refcount_init(), dns_keynode::key, KEYNODE_MAGIC, dns_keynode::magic, dns_keynode::managed, dns_keynode::next, dns_keynode::refcount, and REQUIRE.

Referenced by insert().

void dns_keynode_attach ( dns_keynode_t *  source,
dns_keynode_t **  target 
)

Attach keynode 'source' to '*target'.

Definition at line 696 of file keytable.c.

References isc_refcount_increment, dns_keynode::refcount, REQUIRE, and VALID_KEYNODE.

Referenced by dns_keytable_attachkeynode(), dns_keytable_find(), dns_keytable_findkeynode(), dns_keytable_findnextkeynode(), and dns_keytable_nextkeynode().

void dns_keynode_detach ( isc_mem_t *  mctx,
dns_keynode_t **  keynode 
)

Detach a single keynode, without touching any keynodes that may be pointed to by its 'next' pointer.

Definition at line 703 of file keytable.c.

References dst_key_free(), isc_mem_put, isc_refcount_decrement, isc_refcount_destroy, dns_keynode::key, dns_keynode::refcount, REQUIRE, and VALID_KEYNODE.

Referenced by dns_keynode_detachall(), dns_keytable_deletekeynode(), dns_keytable_detachkeynode(), and insert().

void dns_keynode_detachall ( isc_mem_t *  mctx,
dns_keynode_t **  keynode 
)

Detach a keynode and all its successors.

Definition at line 718 of file keytable.c.

References dns_keynode_detach(), dns_keynode::next, REQUIRE, and VALID_KEYNODE.

Referenced by free_keynode().

