monero/external/unbound/validator/autotrust.c
Erik de Castro Lopo a85b5759f3 Upgrade unbound library
These files were pulled from the 1.6.3 release tarball.

This new version builds against OpenSSL version 1.1 which will be
the default in the new Debian Stable which is due to be released
RealSoonNow (tm).
2017-06-17 23:04:00 +10:00

2416 lines
68 KiB
C

/*
* validator/autotrust.c - RFC5011 trust anchor management for unbound.
*
* Copyright (c) 2009, NLnet Labs. All rights reserved.
*
* This software is open source.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
*
* Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
*
* Neither the name of the NLNET LABS nor the names of its contributors may
* be used to endorse or promote products derived from this software without
* specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
* TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
/**
* \file
*
* Contains autotrust implementation. The implementation was taken from
* the autotrust daemon (BSD licensed), written by Matthijs Mekking.
* It was modified to fit into unbound. The state table process is the same.
*/
#include "config.h"
#include "validator/autotrust.h"
#include "validator/val_anchor.h"
#include "validator/val_utils.h"
#include "validator/val_sigcrypt.h"
#include "util/data/dname.h"
#include "util/data/packed_rrset.h"
#include "util/log.h"
#include "util/module.h"
#include "util/net_help.h"
#include "util/config_file.h"
#include "util/regional.h"
#include "util/random.h"
#include "util/data/msgparse.h"
#include "services/mesh.h"
#include "services/cache/rrset.h"
#include "validator/val_kcache.h"
#include "sldns/sbuffer.h"
#include "sldns/wire2str.h"
#include "sldns/str2wire.h"
#include "sldns/keyraw.h"
#include "sldns/rrdef.h"
#include <stdarg.h>
#include <ctype.h>
/** number of times a key must be seen before it can become valid */
#define MIN_PENDINGCOUNT 2
/** Event: Revoked */
static void do_revoked(struct module_env* env, struct autr_ta* anchor, int* c);
struct autr_global_data* autr_global_create(void)
{
struct autr_global_data* global;
global = (struct autr_global_data*)malloc(sizeof(*global));
if(!global)
return NULL;
rbtree_init(&global->probe, &probetree_cmp);
return global;
}
void autr_global_delete(struct autr_global_data* global)
{
if(!global)
return;
/* elements deleted by parent */
memset(global, 0, sizeof(*global));
free(global);
}
int probetree_cmp(const void* x, const void* y)
{
struct trust_anchor* a = (struct trust_anchor*)x;
struct trust_anchor* b = (struct trust_anchor*)y;
log_assert(a->autr && b->autr);
if(a->autr->next_probe_time < b->autr->next_probe_time)
return -1;
if(a->autr->next_probe_time > b->autr->next_probe_time)
return 1;
/* time is equal, sort on trust point identity */
return anchor_cmp(x, y);
}
size_t
autr_get_num_anchors(struct val_anchors* anchors)
{
size_t res = 0;
if(!anchors)
return 0;
lock_basic_lock(&anchors->lock);
if(anchors->autr)
res = anchors->autr->probe.count;
lock_basic_unlock(&anchors->lock);
return res;
}
/** Position in string */
static int
position_in_string(char *str, const char* sub)
{
char* pos = strstr(str, sub);
if(pos)
return (int)(pos-str)+(int)strlen(sub);
return -1;
}
/** Debug routine to print pretty key information */
static void
verbose_key(struct autr_ta* ta, enum verbosity_value level,
const char* format, ...) ATTR_FORMAT(printf, 3, 4);
/**
* Implementation of debug pretty key print
* @param ta: trust anchor key with DNSKEY data.
* @param level: verbosity level to print at.
* @param format: printf style format string.
*/
static void
verbose_key(struct autr_ta* ta, enum verbosity_value level,
const char* format, ...)
{
va_list args;
va_start(args, format);
if(verbosity >= level) {
char* str = sldns_wire2str_dname(ta->rr, ta->dname_len);
int keytag = (int)sldns_calc_keytag_raw(sldns_wirerr_get_rdata(
ta->rr, ta->rr_len, ta->dname_len),
sldns_wirerr_get_rdatalen(ta->rr, ta->rr_len,
ta->dname_len));
char msg[MAXSYSLOGMSGLEN];
vsnprintf(msg, sizeof(msg), format, args);
verbose(level, "%s key %d %s", str?str:"??", keytag, msg);
free(str);
}
va_end(args);
}
/**
* Parse comments
* @param str: to parse
* @param ta: trust key autotrust metadata
* @return false on failure.
*/
static int
parse_comments(char* str, struct autr_ta* ta)
{
int len = (int)strlen(str), pos = 0, timestamp = 0;
char* comment = (char*) malloc(sizeof(char)*len+1);
char* comments = comment;
if(!comment) {
log_err("malloc failure in parse");
return 0;
}
/* skip over whitespace and data at start of line */
while (*str != '\0' && *str != ';')
str++;
if (*str == ';')
str++;
/* copy comments */
while (*str != '\0')
{
*comments = *str;
comments++;
str++;
}
*comments = '\0';
comments = comment;
/* read state */
pos = position_in_string(comments, "state=");
if (pos >= (int) strlen(comments))
{
log_err("parse error");
free(comment);
return 0;
}
if (pos <= 0)
ta->s = AUTR_STATE_VALID;
else
{
int s = (int) comments[pos] - '0';
switch(s)
{
case AUTR_STATE_START:
case AUTR_STATE_ADDPEND:
case AUTR_STATE_VALID:
case AUTR_STATE_MISSING:
case AUTR_STATE_REVOKED:
case AUTR_STATE_REMOVED:
ta->s = s;
break;
default:
verbose_key(ta, VERB_OPS, "has undefined "
"state, considered NewKey");
ta->s = AUTR_STATE_START;
break;
}
}
/* read pending count */
pos = position_in_string(comments, "count=");
if (pos >= (int) strlen(comments))
{
log_err("parse error");
free(comment);
return 0;
}
if (pos <= 0)
ta->pending_count = 0;
else
{
comments += pos;
ta->pending_count = (uint8_t)atoi(comments);
}
/* read last change */
pos = position_in_string(comments, "lastchange=");
if (pos >= (int) strlen(comments))
{
log_err("parse error");
free(comment);
return 0;
}
if (pos >= 0)
{
comments += pos;
timestamp = atoi(comments);
}
if (pos < 0 || !timestamp)
ta->last_change = 0;
else
ta->last_change = (time_t)timestamp;
free(comment);
return 1;
}
/** Check if a line contains data (besides comments) */
static int
str_contains_data(char* str, char comment)
{
while (*str != '\0') {
if (*str == comment || *str == '\n')
return 0;
if (*str != ' ' && *str != '\t')
return 1;
str++;
}
return 0;
}
/** Get DNSKEY flags
* rdata without rdatalen in front of it. */
static int
dnskey_flags(uint16_t t, uint8_t* rdata, size_t len)
{
uint16_t f;
if(t != LDNS_RR_TYPE_DNSKEY)
return 0;
if(len < 2)
return 0;
memmove(&f, rdata, 2);
f = ntohs(f);
return (int)f;
}
/** Check if KSK DNSKEY.
* pass rdata without rdatalen in front of it */
static int
rr_is_dnskey_sep(uint16_t t, uint8_t* rdata, size_t len)
{
return (dnskey_flags(t, rdata, len)&DNSKEY_BIT_SEP);
}
/** Check if TA is KSK DNSKEY */
static int
ta_is_dnskey_sep(struct autr_ta* ta)
{
return (dnskey_flags(
sldns_wirerr_get_type(ta->rr, ta->rr_len, ta->dname_len),
sldns_wirerr_get_rdata(ta->rr, ta->rr_len, ta->dname_len),
sldns_wirerr_get_rdatalen(ta->rr, ta->rr_len, ta->dname_len)
) & DNSKEY_BIT_SEP);
}
/** Check if REVOKED DNSKEY
* pass rdata without rdatalen in front of it */
static int
rr_is_dnskey_revoked(uint16_t t, uint8_t* rdata, size_t len)
{
return (dnskey_flags(t, rdata, len)&LDNS_KEY_REVOKE_KEY);
}
/** create ta */
static struct autr_ta*
autr_ta_create(uint8_t* rr, size_t rr_len, size_t dname_len)
{
struct autr_ta* ta = (struct autr_ta*)calloc(1, sizeof(*ta));
if(!ta) {
free(rr);
return NULL;
}
ta->rr = rr;
ta->rr_len = rr_len;
ta->dname_len = dname_len;
return ta;
}
/** create tp */
static struct trust_anchor*
autr_tp_create(struct val_anchors* anchors, uint8_t* own, size_t own_len,
uint16_t dc)
{
struct trust_anchor* tp = (struct trust_anchor*)calloc(1, sizeof(*tp));
if(!tp) return NULL;
tp->name = memdup(own, own_len);
if(!tp->name) {
free(tp);
return NULL;
}
tp->namelen = own_len;
tp->namelabs = dname_count_labels(tp->name);
tp->node.key = tp;
tp->dclass = dc;
tp->autr = (struct autr_point_data*)calloc(1, sizeof(*tp->autr));
if(!tp->autr) {
free(tp->name);
free(tp);
return NULL;
}
tp->autr->pnode.key = tp;
lock_basic_lock(&anchors->lock);
if(!rbtree_insert(anchors->tree, &tp->node)) {
lock_basic_unlock(&anchors->lock);
log_err("trust anchor presented twice");
free(tp->name);
free(tp->autr);
free(tp);
return NULL;
}
if(!rbtree_insert(&anchors->autr->probe, &tp->autr->pnode)) {
(void)rbtree_delete(anchors->tree, tp);
lock_basic_unlock(&anchors->lock);
log_err("trust anchor in probetree twice");
free(tp->name);
free(tp->autr);
free(tp);
return NULL;
}
lock_basic_unlock(&anchors->lock);
lock_basic_init(&tp->lock);
lock_protect(&tp->lock, tp, sizeof(*tp));
lock_protect(&tp->lock, tp->autr, sizeof(*tp->autr));
return tp;
}
/** delete assembled rrsets */
static void
autr_rrset_delete(struct ub_packed_rrset_key* r)
{
if(r) {
free(r->rk.dname);
free(r->entry.data);
free(r);
}
}
void autr_point_delete(struct trust_anchor* tp)
{
if(!tp)
return;
lock_unprotect(&tp->lock, tp);
lock_unprotect(&tp->lock, tp->autr);
lock_basic_destroy(&tp->lock);
autr_rrset_delete(tp->ds_rrset);
autr_rrset_delete(tp->dnskey_rrset);
if(tp->autr) {
struct autr_ta* p = tp->autr->keys, *np;
while(p) {
np = p->next;
free(p->rr);
free(p);
p = np;
}
free(tp->autr->file);
free(tp->autr);
}
free(tp->name);
free(tp);
}
/** find or add a new trust point for autotrust */
static struct trust_anchor*
find_add_tp(struct val_anchors* anchors, uint8_t* rr, size_t rr_len,
size_t dname_len)
{
struct trust_anchor* tp;
tp = anchor_find(anchors, rr, dname_count_labels(rr), dname_len,
sldns_wirerr_get_class(rr, rr_len, dname_len));
if(tp) {
if(!tp->autr) {
log_err("anchor cannot be with and without autotrust");
lock_basic_unlock(&tp->lock);
return NULL;
}
return tp;
}
tp = autr_tp_create(anchors, rr, dname_len, sldns_wirerr_get_class(rr,
rr_len, dname_len));
if(!tp)
return NULL;
lock_basic_lock(&tp->lock);
return tp;
}
/** Add trust anchor from RR */
static struct autr_ta*
add_trustanchor_frm_rr(struct val_anchors* anchors, uint8_t* rr, size_t rr_len,
size_t dname_len, struct trust_anchor** tp)
{
struct autr_ta* ta = autr_ta_create(rr, rr_len, dname_len);
if(!ta)
return NULL;
*tp = find_add_tp(anchors, rr, rr_len, dname_len);
if(!*tp) {
free(ta->rr);
free(ta);
return NULL;
}
/* add ta to tp */
ta->next = (*tp)->autr->keys;
(*tp)->autr->keys = ta;
lock_basic_unlock(&(*tp)->lock);
return ta;
}
/**
* Add new trust anchor from a string in file.
* @param anchors: all anchors
* @param str: string with anchor and comments, if any comments.
* @param tp: trust point returned.
* @param origin: what to use for @
* @param origin_len: length of origin
* @param prev: previous rr name
* @param prev_len: length of prev
* @param skip: if true, the result is NULL, but not an error, skip it.
* @return new key in trust point.
*/
static struct autr_ta*
add_trustanchor_frm_str(struct val_anchors* anchors, char* str,
struct trust_anchor** tp, uint8_t* origin, size_t origin_len,
uint8_t** prev, size_t* prev_len, int* skip)
{
uint8_t rr[LDNS_RR_BUF_SIZE];
size_t rr_len = sizeof(rr), dname_len;
uint8_t* drr;
int lstatus;
if (!str_contains_data(str, ';')) {
*skip = 1;
return NULL; /* empty line */
}
if(0 != (lstatus = sldns_str2wire_rr_buf(str, rr, &rr_len, &dname_len,
0, origin, origin_len, *prev, *prev_len)))
{
log_err("ldns error while converting string to RR at%d: %s: %s",
LDNS_WIREPARSE_OFFSET(lstatus),
sldns_get_errorstr_parse(lstatus), str);
return NULL;
}
free(*prev);
*prev = memdup(rr, dname_len);
*prev_len = dname_len;
if(!*prev) {
log_err("malloc failure in add_trustanchor");
return NULL;
}
if(sldns_wirerr_get_type(rr, rr_len, dname_len)!=LDNS_RR_TYPE_DNSKEY &&
sldns_wirerr_get_type(rr, rr_len, dname_len)!=LDNS_RR_TYPE_DS) {
*skip = 1;
return NULL; /* only DS and DNSKEY allowed */
}
drr = memdup(rr, rr_len);
if(!drr) {
log_err("malloc failure in add trustanchor");
return NULL;
}
return add_trustanchor_frm_rr(anchors, drr, rr_len, dname_len, tp);
}
/**
* Load single anchor
* @param anchors: all points.
* @param str: comments line
* @param fname: filename
* @param origin: the $ORIGIN.
* @param origin_len: length of origin
* @param prev: passed to ldns.
* @param prev_len: length of prev
* @param skip: if true, the result is NULL, but not an error, skip it.
* @return false on failure, otherwise the tp read.
*/
static struct trust_anchor*
load_trustanchor(struct val_anchors* anchors, char* str, const char* fname,
uint8_t* origin, size_t origin_len, uint8_t** prev, size_t* prev_len,
int* skip)
{
struct autr_ta* ta = NULL;
struct trust_anchor* tp = NULL;
ta = add_trustanchor_frm_str(anchors, str, &tp, origin, origin_len,
prev, prev_len, skip);
if(!ta)
return NULL;
lock_basic_lock(&tp->lock);
if(!parse_comments(str, ta)) {
lock_basic_unlock(&tp->lock);
return NULL;
}
if(!tp->autr->file) {
tp->autr->file = strdup(fname);
if(!tp->autr->file) {
lock_basic_unlock(&tp->lock);
log_err("malloc failure");
return NULL;
}
}
lock_basic_unlock(&tp->lock);
return tp;
}
/** iterator for DSes from keylist. return true if a next element exists */
static int
assemble_iterate_ds(struct autr_ta** list, uint8_t** rr, size_t* rr_len,
size_t* dname_len)
{
while(*list) {
if(sldns_wirerr_get_type((*list)->rr, (*list)->rr_len,
(*list)->dname_len) == LDNS_RR_TYPE_DS) {
*rr = (*list)->rr;
*rr_len = (*list)->rr_len;
*dname_len = (*list)->dname_len;
*list = (*list)->next;
return 1;
}
*list = (*list)->next;
}
return 0;
}
/** iterator for DNSKEYs from keylist. return true if a next element exists */
static int
assemble_iterate_dnskey(struct autr_ta** list, uint8_t** rr, size_t* rr_len,
size_t* dname_len)
{
while(*list) {
if(sldns_wirerr_get_type((*list)->rr, (*list)->rr_len,
(*list)->dname_len) != LDNS_RR_TYPE_DS &&
((*list)->s == AUTR_STATE_VALID ||
(*list)->s == AUTR_STATE_MISSING)) {
*rr = (*list)->rr;
*rr_len = (*list)->rr_len;
*dname_len = (*list)->dname_len;
*list = (*list)->next;
return 1;
}
*list = (*list)->next;
}
return 0;
}
/** see if iterator-list has any elements in it, or it is empty */
static int
assemble_iterate_hasfirst(int iter(struct autr_ta**, uint8_t**, size_t*,
size_t*), struct autr_ta* list)
{
uint8_t* rr = NULL;
size_t rr_len = 0, dname_len = 0;
return iter(&list, &rr, &rr_len, &dname_len);
}
/** number of elements in iterator list */
static size_t
assemble_iterate_count(int iter(struct autr_ta**, uint8_t**, size_t*,
size_t*), struct autr_ta* list)
{
uint8_t* rr = NULL;
size_t i = 0, rr_len = 0, dname_len = 0;
while(iter(&list, &rr, &rr_len, &dname_len)) {
i++;
}
return i;
}
/**
* Create a ub_packed_rrset_key allocated on the heap.
* It therefore does not have the correct ID value, and cannot be used
* inside the cache. It can be used in storage outside of the cache.
* Keys for the cache have to be obtained from alloc.h .
* @param iter: iterator over the elements in the list. It filters elements.
* @param list: the list.
* @return key allocated or NULL on failure.
*/
static struct ub_packed_rrset_key*
ub_packed_rrset_heap_key(int iter(struct autr_ta**, uint8_t**, size_t*,
size_t*), struct autr_ta* list)
{
uint8_t* rr = NULL;
size_t rr_len = 0, dname_len = 0;
struct ub_packed_rrset_key* k;
if(!iter(&list, &rr, &rr_len, &dname_len))
return NULL;
k = (struct ub_packed_rrset_key*)calloc(1, sizeof(*k));
if(!k)
return NULL;
k->rk.type = htons(sldns_wirerr_get_type(rr, rr_len, dname_len));
k->rk.rrset_class = htons(sldns_wirerr_get_class(rr, rr_len, dname_len));
k->rk.dname_len = dname_len;
k->rk.dname = memdup(rr, dname_len);
if(!k->rk.dname) {
free(k);
return NULL;
}
return k;
}
/**
* Create packed_rrset data on the heap.
* @param iter: iterator over the elements in the list. It filters elements.
* @param list: the list.
* @return data allocated or NULL on failure.
*/
static struct packed_rrset_data*
packed_rrset_heap_data(int iter(struct autr_ta**, uint8_t**, size_t*,
size_t*), struct autr_ta* list)
{
uint8_t* rr = NULL;
size_t rr_len = 0, dname_len = 0;
struct packed_rrset_data* data;
size_t count=0, rrsig_count=0, len=0, i, total;
uint8_t* nextrdata;
struct autr_ta* list_i;
time_t ttl = 0;
list_i = list;
while(iter(&list_i, &rr, &rr_len, &dname_len)) {
if(sldns_wirerr_get_type(rr, rr_len, dname_len) ==
LDNS_RR_TYPE_RRSIG)
rrsig_count++;
else count++;
/* sizeof the rdlength + rdatalen */
len += 2 + sldns_wirerr_get_rdatalen(rr, rr_len, dname_len);
ttl = (time_t)sldns_wirerr_get_ttl(rr, rr_len, dname_len);
}
if(count == 0 && rrsig_count == 0)
return NULL;
/* allocate */
total = count + rrsig_count;
len += sizeof(*data) + total*(sizeof(size_t) + sizeof(time_t) +
sizeof(uint8_t*));
data = (struct packed_rrset_data*)calloc(1, len);
if(!data)
return NULL;
/* fill it */
data->ttl = ttl;
data->count = count;
data->rrsig_count = rrsig_count;
data->rr_len = (size_t*)((uint8_t*)data +
sizeof(struct packed_rrset_data));
data->rr_data = (uint8_t**)&(data->rr_len[total]);
data->rr_ttl = (time_t*)&(data->rr_data[total]);
nextrdata = (uint8_t*)&(data->rr_ttl[total]);
/* fill out len, ttl, fields */
list_i = list;
i = 0;
while(iter(&list_i, &rr, &rr_len, &dname_len)) {
data->rr_ttl[i] = (time_t)sldns_wirerr_get_ttl(rr, rr_len,
dname_len);
if(data->rr_ttl[i] < data->ttl)
data->ttl = data->rr_ttl[i];
data->rr_len[i] = 2 /* the rdlength */ +
sldns_wirerr_get_rdatalen(rr, rr_len, dname_len);
i++;
}
/* fixup rest of ptrs */
for(i=0; i<total; i++) {
data->rr_data[i] = nextrdata;
nextrdata += data->rr_len[i];
}
/* copy data in there */
list_i = list;
i = 0;
while(iter(&list_i, &rr, &rr_len, &dname_len)) {
memmove(data->rr_data[i],
sldns_wirerr_get_rdatawl(rr, rr_len, dname_len),
data->rr_len[i]);
i++;
}
if(data->rrsig_count && data->count == 0) {
data->count = data->rrsig_count; /* rrset type is RRSIG */
data->rrsig_count = 0;
}
return data;
}
/**
* Assemble the trust anchors into DS and DNSKEY packed rrsets.
* Uses only VALID and MISSING DNSKEYs.
* Read the sldns_rrs and builds packed rrsets
* @param tp: the trust point. Must be locked.
* @return false on malloc failure.
*/
static int
autr_assemble(struct trust_anchor* tp)
{
struct ub_packed_rrset_key* ubds=NULL, *ubdnskey=NULL;
/* make packed rrset keys - malloced with no ID number, they
* are not in the cache */
/* make packed rrset data (if there is a key) */
if(assemble_iterate_hasfirst(assemble_iterate_ds, tp->autr->keys)) {
ubds = ub_packed_rrset_heap_key(
assemble_iterate_ds, tp->autr->keys);
if(!ubds)
goto error_cleanup;
ubds->entry.data = packed_rrset_heap_data(
assemble_iterate_ds, tp->autr->keys);
if(!ubds->entry.data)
goto error_cleanup;
}
/* make packed DNSKEY data */
if(assemble_iterate_hasfirst(assemble_iterate_dnskey, tp->autr->keys)) {
ubdnskey = ub_packed_rrset_heap_key(
assemble_iterate_dnskey, tp->autr->keys);
if(!ubdnskey)
goto error_cleanup;
ubdnskey->entry.data = packed_rrset_heap_data(
assemble_iterate_dnskey, tp->autr->keys);
if(!ubdnskey->entry.data) {
error_cleanup:
autr_rrset_delete(ubds);
autr_rrset_delete(ubdnskey);
return 0;
}
}
/* we have prepared the new keys so nothing can go wrong any more.
* And we are sure we cannot be left without trustanchor after
* any errors. Put in the new keys and remove old ones. */
/* free the old data */
autr_rrset_delete(tp->ds_rrset);
autr_rrset_delete(tp->dnskey_rrset);
/* assign the data to replace the old */
tp->ds_rrset = ubds;
tp->dnskey_rrset = ubdnskey;
tp->numDS = assemble_iterate_count(assemble_iterate_ds,
tp->autr->keys);
tp->numDNSKEY = assemble_iterate_count(assemble_iterate_dnskey,
tp->autr->keys);
return 1;
}
/** parse integer */
static unsigned int
parse_int(char* line, int* ret)
{
char *e;
unsigned int x = (unsigned int)strtol(line, &e, 10);
if(line == e) {
*ret = -1; /* parse error */
return 0;
}
*ret = 1; /* matched */
return x;
}
/** parse id sequence for anchor */
static struct trust_anchor*
parse_id(struct val_anchors* anchors, char* line)
{
struct trust_anchor *tp;
int r;
uint16_t dclass;
uint8_t* dname;
size_t dname_len;
/* read the owner name */
char* next = strchr(line, ' ');
if(!next)
return NULL;
next[0] = 0;
dname = sldns_str2wire_dname(line, &dname_len);
if(!dname)
return NULL;
/* read the class */
dclass = parse_int(next+1, &r);
if(r == -1) {
free(dname);
return NULL;
}
/* find the trust point */
tp = autr_tp_create(anchors, dname, dname_len, dclass);
free(dname);
return tp;
}
/**
* Parse variable from trustanchor header
* @param line: to parse
* @param anchors: the anchor is added to this, if "id:" is seen.
* @param anchor: the anchor as result value or previously returned anchor
* value to read the variable lines into.
* @return: 0 no match, -1 failed syntax error, +1 success line read.
* +2 revoked trust anchor file.
*/
static int
parse_var_line(char* line, struct val_anchors* anchors,
struct trust_anchor** anchor)
{
struct trust_anchor* tp = *anchor;
int r = 0;
if(strncmp(line, ";;id: ", 6) == 0) {
*anchor = parse_id(anchors, line+6);
if(!*anchor) return -1;
else return 1;
} else if(strncmp(line, ";;REVOKED", 9) == 0) {
if(tp) {
log_err("REVOKED statement must be at start of file");
return -1;
}
return 2;
} else if(strncmp(line, ";;last_queried: ", 16) == 0) {
if(!tp) return -1;
lock_basic_lock(&tp->lock);
tp->autr->last_queried = (time_t)parse_int(line+16, &r);
lock_basic_unlock(&tp->lock);
} else if(strncmp(line, ";;last_success: ", 16) == 0) {
if(!tp) return -1;
lock_basic_lock(&tp->lock);
tp->autr->last_success = (time_t)parse_int(line+16, &r);
lock_basic_unlock(&tp->lock);
} else if(strncmp(line, ";;next_probe_time: ", 19) == 0) {
if(!tp) return -1;
lock_basic_lock(&anchors->lock);
lock_basic_lock(&tp->lock);
(void)rbtree_delete(&anchors->autr->probe, tp);
tp->autr->next_probe_time = (time_t)parse_int(line+19, &r);
(void)rbtree_insert(&anchors->autr->probe, &tp->autr->pnode);
lock_basic_unlock(&tp->lock);
lock_basic_unlock(&anchors->lock);
} else if(strncmp(line, ";;query_failed: ", 16) == 0) {
if(!tp) return -1;
lock_basic_lock(&tp->lock);
tp->autr->query_failed = (uint8_t)parse_int(line+16, &r);
lock_basic_unlock(&tp->lock);
} else if(strncmp(line, ";;query_interval: ", 18) == 0) {
if(!tp) return -1;
lock_basic_lock(&tp->lock);
tp->autr->query_interval = (time_t)parse_int(line+18, &r);
lock_basic_unlock(&tp->lock);
} else if(strncmp(line, ";;retry_time: ", 14) == 0) {
if(!tp) return -1;
lock_basic_lock(&tp->lock);
tp->autr->retry_time = (time_t)parse_int(line+14, &r);
lock_basic_unlock(&tp->lock);
}
return r;
}
/** handle origin lines */
static int
handle_origin(char* line, uint8_t** origin, size_t* origin_len)
{
size_t len = 0;
while(isspace((unsigned char)*line))
line++;
if(strncmp(line, "$ORIGIN", 7) != 0)
return 0;
free(*origin);
line += 7;
while(isspace((unsigned char)*line))
line++;
*origin = sldns_str2wire_dname(line, &len);
*origin_len = len;
if(!*origin)
log_warn("malloc failure or parse error in $ORIGIN");
return 1;
}
/** Read one line and put multiline RRs onto one line string */
static int
read_multiline(char* buf, size_t len, FILE* in, int* linenr)
{
char* pos = buf;
size_t left = len;
int depth = 0;
buf[len-1] = 0;
while(left > 0 && fgets(pos, (int)left, in) != NULL) {
size_t i, poslen = strlen(pos);
(*linenr)++;
/* check what the new depth is after the line */
/* this routine cannot handle braces inside quotes,
say for TXT records, but this routine only has to read keys */
for(i=0; i<poslen; i++) {
if(pos[i] == '(') {
depth++;
} else if(pos[i] == ')') {
if(depth == 0) {
log_err("mismatch: too many ')'");
return -1;
}
depth--;
} else if(pos[i] == ';') {
break;
}
}
/* normal oneline or last line: keeps newline and comments */
if(depth == 0) {
return 1;
}
/* more lines expected, snip off comments and newline */
if(poslen>0)
pos[poslen-1] = 0; /* strip newline */
if(strchr(pos, ';'))
strchr(pos, ';')[0] = 0; /* strip comments */
/* move to paste other lines behind this one */
poslen = strlen(pos);
pos += poslen;
left -= poslen;
/* the newline is changed into a space */
if(left <= 2 /* space and eos */) {
log_err("line too long");
return -1;
}
pos[0] = ' ';
pos[1] = 0;
pos += 1;
left -= 1;
}
if(depth != 0) {
log_err("mismatch: too many '('");
return -1;
}
if(pos != buf)
return 1;
return 0;
}
int autr_read_file(struct val_anchors* anchors, const char* nm)
{
/* the file descriptor */
FILE* fd;
/* keep track of line numbers */
int line_nr = 0;
/* single line */
char line[10240];
/* trust point being read */
struct trust_anchor *tp = NULL, *tp2;
int r;
/* for $ORIGIN parsing */
uint8_t *origin=NULL, *prev=NULL;
size_t origin_len=0, prev_len=0;
if (!(fd = fopen(nm, "r"))) {
log_err("unable to open %s for reading: %s",
nm, strerror(errno));
return 0;
}
verbose(VERB_ALGO, "reading autotrust anchor file %s", nm);
while ( (r=read_multiline(line, sizeof(line), fd, &line_nr)) != 0) {
if(r == -1 || (r = parse_var_line(line, anchors, &tp)) == -1) {
log_err("could not parse auto-trust-anchor-file "
"%s line %d", nm, line_nr);
fclose(fd);
free(origin);
free(prev);
return 0;
} else if(r == 1) {
continue;
} else if(r == 2) {
log_warn("trust anchor %s has been revoked", nm);
fclose(fd);
free(origin);
free(prev);
return 1;
}
if (!str_contains_data(line, ';'))
continue; /* empty lines allowed */
if(handle_origin(line, &origin, &origin_len))
continue;
r = 0;
if(!(tp2=load_trustanchor(anchors, line, nm, origin,
origin_len, &prev, &prev_len, &r))) {
if(!r) log_err("failed to load trust anchor from %s "
"at line %i, skipping", nm, line_nr);
/* try to do the rest */
continue;
}
if(tp && tp != tp2) {
log_err("file %s has mismatching data inside: "
"the file may only contain keys for one name, "
"remove keys for other domain names", nm);
fclose(fd);
free(origin);
free(prev);
return 0;
}
tp = tp2;
}
fclose(fd);
free(origin);
free(prev);
if(!tp) {
log_err("failed to read %s", nm);
return 0;
}
/* now assemble the data into DNSKEY and DS packed rrsets */
lock_basic_lock(&tp->lock);
if(!autr_assemble(tp)) {
lock_basic_unlock(&tp->lock);
log_err("malloc failure assembling %s", nm);
return 0;
}
lock_basic_unlock(&tp->lock);
return 1;
}
/** string for a trustanchor state */
static const char*
trustanchor_state2str(autr_state_type s)
{
switch (s) {
case AUTR_STATE_START: return " START ";
case AUTR_STATE_ADDPEND: return " ADDPEND ";
case AUTR_STATE_VALID: return " VALID ";
case AUTR_STATE_MISSING: return " MISSING ";
case AUTR_STATE_REVOKED: return " REVOKED ";
case AUTR_STATE_REMOVED: return " REMOVED ";
}
return " UNKNOWN ";
}
/** print ID to file */
static int
print_id(FILE* out, char* fname, uint8_t* nm, size_t nmlen, uint16_t dclass)
{
char* s = sldns_wire2str_dname(nm, nmlen);
if(!s) {
log_err("malloc failure in write to %s", fname);
return 0;
}
if(fprintf(out, ";;id: %s %d\n", s, (int)dclass) < 0) {
log_err("could not write to %s: %s", fname, strerror(errno));
free(s);
return 0;
}
free(s);
return 1;
}
static int
autr_write_contents(FILE* out, char* fn, struct trust_anchor* tp)
{
char tmi[32];
struct autr_ta* ta;
char* str;
/* write pretty header */
if(fprintf(out, "; autotrust trust anchor file\n") < 0) {
log_err("could not write to %s: %s", fn, strerror(errno));
return 0;
}
if(tp->autr->revoked) {
if(fprintf(out, ";;REVOKED\n") < 0 ||
fprintf(out, "; The zone has all keys revoked, and is\n"
"; considered as if it has no trust anchors.\n"
"; the remainder of the file is the last probe.\n"
"; to restart the trust anchor, overwrite this file.\n"
"; with one containing valid DNSKEYs or DSes.\n") < 0) {
log_err("could not write to %s: %s", fn, strerror(errno));
return 0;
}
}
if(!print_id(out, fn, tp->name, tp->namelen, tp->dclass)) {
return 0;
}
if(fprintf(out, ";;last_queried: %u ;;%s",
(unsigned int)tp->autr->last_queried,
ctime_r(&(tp->autr->last_queried), tmi)) < 0 ||
fprintf(out, ";;last_success: %u ;;%s",
(unsigned int)tp->autr->last_success,
ctime_r(&(tp->autr->last_success), tmi)) < 0 ||
fprintf(out, ";;next_probe_time: %u ;;%s",
(unsigned int)tp->autr->next_probe_time,
ctime_r(&(tp->autr->next_probe_time), tmi)) < 0 ||
fprintf(out, ";;query_failed: %d\n", (int)tp->autr->query_failed)<0
|| fprintf(out, ";;query_interval: %d\n",
(int)tp->autr->query_interval) < 0 ||
fprintf(out, ";;retry_time: %d\n", (int)tp->autr->retry_time) < 0) {
log_err("could not write to %s: %s", fn, strerror(errno));
return 0;
}
/* write anchors */
for(ta=tp->autr->keys; ta; ta=ta->next) {
/* by default do not store START and REMOVED keys */
if(ta->s == AUTR_STATE_START)
continue;
if(ta->s == AUTR_STATE_REMOVED)
continue;
/* only store keys */
if(sldns_wirerr_get_type(ta->rr, ta->rr_len, ta->dname_len)
!= LDNS_RR_TYPE_DNSKEY)
continue;
str = sldns_wire2str_rr(ta->rr, ta->rr_len);
if(!str || !str[0]) {
free(str);
log_err("malloc failure writing %s", fn);
return 0;
}
str[strlen(str)-1] = 0; /* remove newline */
if(fprintf(out, "%s ;;state=%d [%s] ;;count=%d "
";;lastchange=%u ;;%s", str, (int)ta->s,
trustanchor_state2str(ta->s), (int)ta->pending_count,
(unsigned int)ta->last_change,
ctime_r(&(ta->last_change), tmi)) < 0) {
log_err("could not write to %s: %s", fn, strerror(errno));
free(str);
return 0;
}
free(str);
}
return 1;
}
void autr_write_file(struct module_env* env, struct trust_anchor* tp)
{
FILE* out;
char* fname = tp->autr->file;
char tempf[2048];
log_assert(tp->autr);
if(!env) {
log_err("autr_write_file: Module environment is NULL.");
return;
}
/* unique name with pid number and thread number */
snprintf(tempf, sizeof(tempf), "%s.%d-%d", fname, (int)getpid(),
env->worker?*(int*)env->worker:0);
verbose(VERB_ALGO, "autotrust: write to disk: %s", tempf);
out = fopen(tempf, "w");
if(!out) {
fatal_exit("could not open autotrust file for writing, %s: %s",
tempf, strerror(errno));
return;
}
if(!autr_write_contents(out, tempf, tp)) {
/* failed to write contents (completely) */
fclose(out);
unlink(tempf);
fatal_exit("could not completely write: %s", fname);
return;
}
if(fflush(out) != 0)
log_err("could not fflush(%s): %s", fname, strerror(errno));
#ifdef HAVE_FSYNC
if(fsync(fileno(out)) != 0)
log_err("could not fsync(%s): %s", fname, strerror(errno));
#else
FlushFileBuffers((HANDLE)_get_osfhandle(_fileno(out)));
#endif
if(fclose(out) != 0) {
fatal_exit("could not complete write: %s: %s",
fname, strerror(errno));
unlink(tempf);
return;
}
/* success; overwrite actual file */
verbose(VERB_ALGO, "autotrust: replaced %s", fname);
#ifdef UB_ON_WINDOWS
(void)unlink(fname); /* windows does not replace file with rename() */
#endif
if(rename(tempf, fname) < 0) {
fatal_exit("rename(%s to %s): %s", tempf, fname, strerror(errno));
}
}
/**
* Verify if dnskey works for trust point
* @param env: environment (with time) for verification
* @param ve: validator environment (with options) for verification.
* @param tp: trust point to verify with
* @param rrset: DNSKEY rrset to verify.
* @return false on failure, true if verification successful.
*/
static int
verify_dnskey(struct module_env* env, struct val_env* ve,
struct trust_anchor* tp, struct ub_packed_rrset_key* rrset)
{
char* reason = NULL;
uint8_t sigalg[ALGO_NEEDS_MAX+1];
int downprot = env->cfg->harden_algo_downgrade;
enum sec_status sec = val_verify_DNSKEY_with_TA(env, ve, rrset,
tp->ds_rrset, tp->dnskey_rrset, downprot?sigalg:NULL, &reason);
/* sigalg is ignored, it returns algorithms signalled to exist, but
* in 5011 there are no other rrsets to check. if downprot is
* enabled, then it checks that the DNSKEY is signed with all
* algorithms available in the trust store. */
verbose(VERB_ALGO, "autotrust: validate DNSKEY with anchor: %s",
sec_status_to_string(sec));
return sec == sec_status_secure;
}
static int32_t
rrsig_get_expiry(uint8_t* d, size_t len)
{
/* rrsig: 2(rdlen), 2(type) 1(alg) 1(v) 4(origttl), then 4(expi), (4)incep) */
if(len < 2+8+4)
return 0;
return sldns_read_uint32(d+2+8);
}
/** Find minimum expiration interval from signatures */
static time_t
min_expiry(struct module_env* env, struct packed_rrset_data* dd)
{
size_t i;
int32_t t, r = 15 * 24 * 3600; /* 15 days max */
for(i=dd->count; i<dd->count+dd->rrsig_count; i++) {
t = rrsig_get_expiry(dd->rr_data[i], dd->rr_len[i]);
if((int32_t)t - (int32_t)*env->now > 0) {
t -= (int32_t)*env->now;
if(t < r)
r = t;
}
}
return (time_t)r;
}
/** Is rr self-signed revoked key */
static int
rr_is_selfsigned_revoked(struct module_env* env, struct val_env* ve,
struct ub_packed_rrset_key* dnskey_rrset, size_t i)
{
enum sec_status sec;
char* reason = NULL;
verbose(VERB_ALGO, "seen REVOKE flag, check self-signed, rr %d",
(int)i);
/* no algorithm downgrade protection necessary, if it is selfsigned
* revoked it can be removed. */
sec = dnskey_verify_rrset(env, ve, dnskey_rrset, dnskey_rrset, i,
&reason);
return (sec == sec_status_secure);
}
/** Set fetched value */
static void
seen_trustanchor(struct autr_ta* ta, uint8_t seen)
{
ta->fetched = seen;
if(ta->pending_count < 250) /* no numerical overflow, please */
ta->pending_count++;
}
/** set revoked value */
static void
seen_revoked_trustanchor(struct autr_ta* ta, uint8_t revoked)
{
ta->revoked = revoked;
}
/** revoke a trust anchor */
static void
revoke_dnskey(struct autr_ta* ta, int off)
{
uint16_t flags;
uint8_t* data;
if(sldns_wirerr_get_type(ta->rr, ta->rr_len, ta->dname_len) !=
LDNS_RR_TYPE_DNSKEY)
return;
if(sldns_wirerr_get_rdatalen(ta->rr, ta->rr_len, ta->dname_len) < 2)
return;
data = sldns_wirerr_get_rdata(ta->rr, ta->rr_len, ta->dname_len);
flags = sldns_read_uint16(data);
if (off && (flags&LDNS_KEY_REVOKE_KEY))
flags ^= LDNS_KEY_REVOKE_KEY; /* flip */
else
flags |= LDNS_KEY_REVOKE_KEY;
sldns_write_uint16(data, flags);
}
/** Compare two RRs skipping the REVOKED bit. Pass rdata(no len) */
static int
dnskey_compare_skip_revbit(uint8_t* a, size_t a_len, uint8_t* b, size_t b_len)
{
size_t i;
if(a_len != b_len)
return -1;
/* compare RRs RDATA byte for byte. */
for(i = 0; i < a_len; i++)
{
uint8_t rdf1, rdf2;
rdf1 = a[i];
rdf2 = b[i];
if(i==1) {
/* this is the second part of the flags field */
rdf1 |= LDNS_KEY_REVOKE_KEY;
rdf2 |= LDNS_KEY_REVOKE_KEY;
}
if (rdf1 < rdf2) return -1;
else if (rdf1 > rdf2) return 1;
}
return 0;
}
/** compare trust anchor with rdata, 0 if equal. Pass rdata(no len) */
static int
ta_compare(struct autr_ta* a, uint16_t t, uint8_t* b, size_t b_len)
{
if(!a) return -1;
else if(!b) return -1;
else if(sldns_wirerr_get_type(a->rr, a->rr_len, a->dname_len) != t)
return (int)sldns_wirerr_get_type(a->rr, a->rr_len,
a->dname_len) - (int)t;
else if(t == LDNS_RR_TYPE_DNSKEY) {
return dnskey_compare_skip_revbit(
sldns_wirerr_get_rdata(a->rr, a->rr_len, a->dname_len),
sldns_wirerr_get_rdatalen(a->rr, a->rr_len,
a->dname_len), b, b_len);
}
else if(t == LDNS_RR_TYPE_DS) {
if(sldns_wirerr_get_rdatalen(a->rr, a->rr_len, a->dname_len) !=
b_len)
return -1;
return memcmp(sldns_wirerr_get_rdata(a->rr,
a->rr_len, a->dname_len), b, b_len);
}
return -1;
}
/**
* Find key
* @param tp: to search in
* @param t: rr type of the rdata.
* @param rdata: to look for (no rdatalen in it)
* @param rdata_len: length of rdata
* @param result: returns NULL or the ta key looked for.
* @return false on malloc failure during search. if true examine result.
*/
static int
find_key(struct trust_anchor* tp, uint16_t t, uint8_t* rdata, size_t rdata_len,
struct autr_ta** result)
{
struct autr_ta* ta;
if(!tp || !rdata) {
*result = NULL;
return 0;
}
for(ta=tp->autr->keys; ta; ta=ta->next) {
if(ta_compare(ta, t, rdata, rdata_len) == 0) {
*result = ta;
return 1;
}
}
*result = NULL;
return 1;
}
/** add key and clone RR and tp already locked. rdata without rdlen. */
static struct autr_ta*
add_key(struct trust_anchor* tp, uint32_t ttl, uint8_t* rdata, size_t rdata_len)
{
struct autr_ta* ta;
uint8_t* rr;
size_t rr_len, dname_len;
uint16_t rrtype = htons(LDNS_RR_TYPE_DNSKEY);
uint16_t rrclass = htons(LDNS_RR_CLASS_IN);
uint16_t rdlen = htons(rdata_len);
dname_len = tp->namelen;
ttl = htonl(ttl);
rr_len = dname_len + 10 /* type,class,ttl,rdatalen */ + rdata_len;
rr = (uint8_t*)malloc(rr_len);
if(!rr) return NULL;
memmove(rr, tp->name, tp->namelen);
memmove(rr+dname_len, &rrtype, 2);
memmove(rr+dname_len+2, &rrclass, 2);
memmove(rr+dname_len+4, &ttl, 4);
memmove(rr+dname_len+8, &rdlen, 2);
memmove(rr+dname_len+10, rdata, rdata_len);
ta = autr_ta_create(rr, rr_len, dname_len);
if(!ta) {
/* rr freed in autr_ta_create */
return NULL;
}
/* link in, tp already locked */
ta->next = tp->autr->keys;
tp->autr->keys = ta;
return ta;
}
/** get TTL from DNSKEY rrset */
static time_t
key_ttl(struct ub_packed_rrset_key* k)
{
struct packed_rrset_data* d = (struct packed_rrset_data*)k->entry.data;
return d->ttl;
}
/** update the time values for the trustpoint */
static void
set_tp_times(struct trust_anchor* tp, time_t rrsig_exp_interval,
time_t origttl, int* changed)
{
time_t x, qi = tp->autr->query_interval, rt = tp->autr->retry_time;
/* x = MIN(15days, ttl/2, expire/2) */
x = 15 * 24 * 3600;
if(origttl/2 < x)
x = origttl/2;
if(rrsig_exp_interval/2 < x)
x = rrsig_exp_interval/2;
/* MAX(1hr, x) */
if(!autr_permit_small_holddown) {
if(x < 3600)
tp->autr->query_interval = 3600;
else tp->autr->query_interval = x;
} else tp->autr->query_interval = x;
/* x= MIN(1day, ttl/10, expire/10) */
x = 24 * 3600;
if(origttl/10 < x)
x = origttl/10;
if(rrsig_exp_interval/10 < x)
x = rrsig_exp_interval/10;
/* MAX(1hr, x) */
if(!autr_permit_small_holddown) {
if(x < 3600)
tp->autr->retry_time = 3600;
else tp->autr->retry_time = x;
} else tp->autr->retry_time = x;
if(qi != tp->autr->query_interval || rt != tp->autr->retry_time) {
*changed = 1;
verbose(VERB_ALGO, "orig_ttl is %d", (int)origttl);
verbose(VERB_ALGO, "rrsig_exp_interval is %d",
(int)rrsig_exp_interval);
verbose(VERB_ALGO, "query_interval: %d, retry_time: %d",
(int)tp->autr->query_interval,
(int)tp->autr->retry_time);
}
}
/** init events to zero */
static void
init_events(struct trust_anchor* tp)
{
struct autr_ta* ta;
for(ta=tp->autr->keys; ta; ta=ta->next) {
ta->fetched = 0;
}
}
/** check for revoked keys without trusting any other information */
static void
check_contains_revoked(struct module_env* env, struct val_env* ve,
struct trust_anchor* tp, struct ub_packed_rrset_key* dnskey_rrset,
int* changed)
{
struct packed_rrset_data* dd = (struct packed_rrset_data*)
dnskey_rrset->entry.data;
size_t i;
log_assert(ntohs(dnskey_rrset->rk.type) == LDNS_RR_TYPE_DNSKEY);
for(i=0; i<dd->count; i++) {
struct autr_ta* ta = NULL;
if(!rr_is_dnskey_sep(ntohs(dnskey_rrset->rk.type),
dd->rr_data[i]+2, dd->rr_len[i]-2) ||
!rr_is_dnskey_revoked(ntohs(dnskey_rrset->rk.type),
dd->rr_data[i]+2, dd->rr_len[i]-2))
continue; /* not a revoked KSK */
if(!find_key(tp, ntohs(dnskey_rrset->rk.type),
dd->rr_data[i]+2, dd->rr_len[i]-2, &ta)) {
log_err("malloc failure");
continue; /* malloc fail in compare*/
}
if(!ta)
continue; /* key not found */
if(rr_is_selfsigned_revoked(env, ve, dnskey_rrset, i)) {
/* checked if there is an rrsig signed by this key. */
/* same keytag, but stored can be revoked already, so
* compare keytags, with +0 or +128(REVOKE flag) */
log_assert(dnskey_calc_keytag(dnskey_rrset, i)-128 ==
sldns_calc_keytag_raw(sldns_wirerr_get_rdata(
ta->rr, ta->rr_len, ta->dname_len),
sldns_wirerr_get_rdatalen(ta->rr, ta->rr_len,
ta->dname_len)) ||
dnskey_calc_keytag(dnskey_rrset, i) ==
sldns_calc_keytag_raw(sldns_wirerr_get_rdata(
ta->rr, ta->rr_len, ta->dname_len),
sldns_wirerr_get_rdatalen(ta->rr, ta->rr_len,
ta->dname_len))); /* checks conversion*/
verbose_key(ta, VERB_ALGO, "is self-signed revoked");
if(!ta->revoked)
*changed = 1;
seen_revoked_trustanchor(ta, 1);
do_revoked(env, ta, changed);
}
}
}
/** See if a DNSKEY is verified by one of the DSes */
static int
key_matches_a_ds(struct module_env* env, struct val_env* ve,
struct ub_packed_rrset_key* dnskey_rrset, size_t key_idx,
struct ub_packed_rrset_key* ds_rrset)
{
struct packed_rrset_data* dd = (struct packed_rrset_data*)
ds_rrset->entry.data;
size_t ds_idx, num = dd->count;
int d = val_favorite_ds_algo(ds_rrset);
char* reason = "";
for(ds_idx=0; ds_idx<num; ds_idx++) {
if(!ds_digest_algo_is_supported(ds_rrset, ds_idx) ||
!ds_key_algo_is_supported(ds_rrset, ds_idx) ||
ds_get_digest_algo(ds_rrset, ds_idx) != d)
continue;
if(ds_get_key_algo(ds_rrset, ds_idx)
!= dnskey_get_algo(dnskey_rrset, key_idx)
|| dnskey_calc_keytag(dnskey_rrset, key_idx)
!= ds_get_keytag(ds_rrset, ds_idx)) {
continue;
}
if(!ds_digest_match_dnskey(env, dnskey_rrset, key_idx,
ds_rrset, ds_idx)) {
verbose(VERB_ALGO, "DS match attempt failed");
continue;
}
if(dnskey_verify_rrset(env, ve, dnskey_rrset,
dnskey_rrset, key_idx, &reason) == sec_status_secure) {
return 1;
} else {
verbose(VERB_ALGO, "DS match failed because the key "
"does not verify the keyset: %s", reason);
}
}
return 0;
}
/** Set update events */
static int
update_events(struct module_env* env, struct val_env* ve,
struct trust_anchor* tp, struct ub_packed_rrset_key* dnskey_rrset,
int* changed)
{
struct packed_rrset_data* dd = (struct packed_rrset_data*)
dnskey_rrset->entry.data;
size_t i;
log_assert(ntohs(dnskey_rrset->rk.type) == LDNS_RR_TYPE_DNSKEY);
init_events(tp);
for(i=0; i<dd->count; i++) {
struct autr_ta* ta = NULL;
if(!rr_is_dnskey_sep(ntohs(dnskey_rrset->rk.type),
dd->rr_data[i]+2, dd->rr_len[i]-2))
continue;
if(rr_is_dnskey_revoked(ntohs(dnskey_rrset->rk.type),
dd->rr_data[i]+2, dd->rr_len[i]-2)) {
/* self-signed revoked keys already detected before,
* other revoked keys are not 'added' again */
continue;
}
/* is a key of this type supported?. Note rr_list and
* packed_rrset are in the same order. */
if(!dnskey_algo_is_supported(dnskey_rrset, i)) {
/* skip unknown algorithm key, it is useless to us */
log_nametypeclass(VERB_DETAIL, "trust point has "
"unsupported algorithm at",
tp->name, LDNS_RR_TYPE_DNSKEY, tp->dclass);
continue;
}
/* is it new? if revocation bit set, find the unrevoked key */
if(!find_key(tp, ntohs(dnskey_rrset->rk.type),
dd->rr_data[i]+2, dd->rr_len[i]-2, &ta)) {
return 0;
}
if(!ta) {
ta = add_key(tp, (uint32_t)dd->rr_ttl[i],
dd->rr_data[i]+2, dd->rr_len[i]-2);
*changed = 1;
/* first time seen, do we have DSes? if match: VALID */
if(ta && tp->ds_rrset && key_matches_a_ds(env, ve,
dnskey_rrset, i, tp->ds_rrset)) {
verbose_key(ta, VERB_ALGO, "verified by DS");
ta->s = AUTR_STATE_VALID;
}
}
if(!ta) {
return 0;
}
seen_trustanchor(ta, 1);
verbose_key(ta, VERB_ALGO, "in DNS response");
}
set_tp_times(tp, min_expiry(env, dd), key_ttl(dnskey_rrset), changed);
return 1;
}
/**
* Check if the holddown time has already exceeded
* setting: add-holddown: add holddown timer
* setting: del-holddown: del holddown timer
* @param env: environment with current time
* @param ta: trust anchor to check for.
* @param holddown: the timer value
* @return number of seconds the holddown has passed.
*/
static time_t
check_holddown(struct module_env* env, struct autr_ta* ta,
unsigned int holddown)
{
time_t elapsed;
if(*env->now < ta->last_change) {
log_warn("time goes backwards. delaying key holddown");
return 0;
}
elapsed = *env->now - ta->last_change;
if (elapsed > (time_t)holddown) {
return elapsed-(time_t)holddown;
}
verbose_key(ta, VERB_ALGO, "holddown time " ARG_LL "d seconds to go",
(long long) ((time_t)holddown-elapsed));
return 0;
}
/** Set last_change to now */
static void
reset_holddown(struct module_env* env, struct autr_ta* ta, int* changed)
{
ta->last_change = *env->now;
*changed = 1;
}
/** Set the state for this trust anchor */
static void
set_trustanchor_state(struct module_env* env, struct autr_ta* ta, int* changed,
autr_state_type s)
{
verbose_key(ta, VERB_ALGO, "update: %s to %s",
trustanchor_state2str(ta->s), trustanchor_state2str(s));
ta->s = s;
reset_holddown(env, ta, changed);
}
/** Event: NewKey */
static void
do_newkey(struct module_env* env, struct autr_ta* anchor, int* c)
{
if (anchor->s == AUTR_STATE_START)
set_trustanchor_state(env, anchor, c, AUTR_STATE_ADDPEND);
}
/** Event: AddTime */
static void
do_addtime(struct module_env* env, struct autr_ta* anchor, int* c)
{
/* This not according to RFC, this is 30 days, but the RFC demands
* MAX(30days, TTL expire time of first DNSKEY set with this key),
* The value may be too small if a very large TTL was used. */
time_t exceeded = check_holddown(env, anchor, env->cfg->add_holddown);
if (exceeded && anchor->s == AUTR_STATE_ADDPEND) {
verbose_key(anchor, VERB_ALGO, "add-holddown time exceeded "
ARG_LL "d seconds ago, and pending-count %d",
(long long)exceeded, anchor->pending_count);
if(anchor->pending_count >= MIN_PENDINGCOUNT) {
set_trustanchor_state(env, anchor, c, AUTR_STATE_VALID);
anchor->pending_count = 0;
return;
}
verbose_key(anchor, VERB_ALGO, "add-holddown time sanity check "
"failed (pending count: %d)", anchor->pending_count);
}
}
/** Event: RemTime */
static void
do_remtime(struct module_env* env, struct autr_ta* anchor, int* c)
{
time_t exceeded = check_holddown(env, anchor, env->cfg->del_holddown);
if(exceeded && anchor->s == AUTR_STATE_REVOKED) {
verbose_key(anchor, VERB_ALGO, "del-holddown time exceeded "
ARG_LL "d seconds ago", (long long)exceeded);
set_trustanchor_state(env, anchor, c, AUTR_STATE_REMOVED);
}
}
/** Event: KeyRem */
static void
do_keyrem(struct module_env* env, struct autr_ta* anchor, int* c)
{
if(anchor->s == AUTR_STATE_ADDPEND) {
set_trustanchor_state(env, anchor, c, AUTR_STATE_START);
anchor->pending_count = 0;
} else if(anchor->s == AUTR_STATE_VALID)
set_trustanchor_state(env, anchor, c, AUTR_STATE_MISSING);
}
/** Event: KeyPres */
static void
do_keypres(struct module_env* env, struct autr_ta* anchor, int* c)
{
if(anchor->s == AUTR_STATE_MISSING)
set_trustanchor_state(env, anchor, c, AUTR_STATE_VALID);
}
/* Event: Revoked */
static void
do_revoked(struct module_env* env, struct autr_ta* anchor, int* c)
{
if(anchor->s == AUTR_STATE_VALID || anchor->s == AUTR_STATE_MISSING) {
set_trustanchor_state(env, anchor, c, AUTR_STATE_REVOKED);
verbose_key(anchor, VERB_ALGO, "old id, prior to revocation");
revoke_dnskey(anchor, 0);
verbose_key(anchor, VERB_ALGO, "new id, after revocation");
}
}
/** Do statestable transition matrix for anchor */
static void
anchor_state_update(struct module_env* env, struct autr_ta* anchor, int* c)
{
log_assert(anchor);
switch(anchor->s) {
/* START */
case AUTR_STATE_START:
/* NewKey: ADDPEND */
if (anchor->fetched)
do_newkey(env, anchor, c);
break;
/* ADDPEND */
case AUTR_STATE_ADDPEND:
/* KeyRem: START */
if (!anchor->fetched)
do_keyrem(env, anchor, c);
/* AddTime: VALID */
else do_addtime(env, anchor, c);
break;
/* VALID */
case AUTR_STATE_VALID:
/* RevBit: REVOKED */
if (anchor->revoked)
do_revoked(env, anchor, c);
/* KeyRem: MISSING */
else if (!anchor->fetched)
do_keyrem(env, anchor, c);
else if(!anchor->last_change) {
verbose_key(anchor, VERB_ALGO, "first seen");
reset_holddown(env, anchor, c);
}
break;
/* MISSING */
case AUTR_STATE_MISSING:
/* RevBit: REVOKED */
if (anchor->revoked)
do_revoked(env, anchor, c);
/* KeyPres */
else if (anchor->fetched)
do_keypres(env, anchor, c);
break;
/* REVOKED */
case AUTR_STATE_REVOKED:
if (anchor->fetched)
reset_holddown(env, anchor, c);
/* RemTime: REMOVED */
else do_remtime(env, anchor, c);
break;
/* REMOVED */
case AUTR_STATE_REMOVED:
default:
break;
}
}
/** if ZSK init then trust KSKs */
static int
init_zsk_to_ksk(struct module_env* env, struct trust_anchor* tp, int* changed)
{
/* search for VALID ZSKs */
struct autr_ta* anchor;
int validzsk = 0;
int validksk = 0;
for(anchor = tp->autr->keys; anchor; anchor = anchor->next) {
/* last_change test makes sure it was manually configured */
if(sldns_wirerr_get_type(anchor->rr, anchor->rr_len,
anchor->dname_len) == LDNS_RR_TYPE_DNSKEY &&
anchor->last_change == 0 &&
!ta_is_dnskey_sep(anchor) &&
anchor->s == AUTR_STATE_VALID)
validzsk++;
}
if(validzsk == 0)
return 0;
for(anchor = tp->autr->keys; anchor; anchor = anchor->next) {
if (ta_is_dnskey_sep(anchor) &&
anchor->s == AUTR_STATE_ADDPEND) {
verbose_key(anchor, VERB_ALGO, "trust KSK from "
"ZSK(config)");
set_trustanchor_state(env, anchor, changed,
AUTR_STATE_VALID);
validksk++;
}
}
return validksk;
}
/** Remove missing trustanchors so the list does not grow forever */
static void
remove_missing_trustanchors(struct module_env* env, struct trust_anchor* tp,
int* changed)
{
struct autr_ta* anchor;
time_t exceeded;
int valid = 0;
/* see if we have anchors that are valid */
for(anchor = tp->autr->keys; anchor; anchor = anchor->next) {
/* Only do KSKs */
if (!ta_is_dnskey_sep(anchor))
continue;
if (anchor->s == AUTR_STATE_VALID)
valid++;
}
/* if there are no SEP Valid anchors, see if we started out with
* a ZSK (last-change=0) anchor, which is VALID and there are KSKs
* now that can be made valid. Do this immediately because there
* is no guarantee that the ZSKs get announced long enough. Usually
* this is immediately after init with a ZSK trusted, unless the domain
* was not advertising any KSKs at all. In which case we perfectly
* track the zero number of KSKs. */
if(valid == 0) {
valid = init_zsk_to_ksk(env, tp, changed);
if(valid == 0)
return;
}
for(anchor = tp->autr->keys; anchor; anchor = anchor->next) {
/* ignore ZSKs if newly added */
if(anchor->s == AUTR_STATE_START)
continue;
/* remove ZSKs if a KSK is present */
if (!ta_is_dnskey_sep(anchor)) {
if(valid > 0) {
verbose_key(anchor, VERB_ALGO, "remove ZSK "
"[%d key(s) VALID]", valid);
set_trustanchor_state(env, anchor, changed,
AUTR_STATE_REMOVED);
}
continue;
}
/* Only do MISSING keys */
if (anchor->s != AUTR_STATE_MISSING)
continue;
if(env->cfg->keep_missing == 0)
continue; /* keep forever */
exceeded = check_holddown(env, anchor, env->cfg->keep_missing);
/* If keep_missing has exceeded and we still have more than
* one valid KSK: remove missing trust anchor */
if (exceeded && valid > 0) {
verbose_key(anchor, VERB_ALGO, "keep-missing time "
"exceeded " ARG_LL "d seconds ago, [%d key(s) VALID]",
(long long)exceeded, valid);
set_trustanchor_state(env, anchor, changed,
AUTR_STATE_REMOVED);
}
}
}
/** Do the statetable from RFC5011 transition matrix */
static int
do_statetable(struct module_env* env, struct trust_anchor* tp, int* changed)
{
struct autr_ta* anchor;
for(anchor = tp->autr->keys; anchor; anchor = anchor->next) {
/* Only do KSKs */
if(!ta_is_dnskey_sep(anchor))
continue;
anchor_state_update(env, anchor, changed);
}
remove_missing_trustanchors(env, tp, changed);
return 1;
}
/** See if time alone makes ADDPEND to VALID transition */
static void
autr_holddown_exceed(struct module_env* env, struct trust_anchor* tp, int* c)
{
struct autr_ta* anchor;
for(anchor = tp->autr->keys; anchor; anchor = anchor->next) {
if(ta_is_dnskey_sep(anchor) &&
anchor->s == AUTR_STATE_ADDPEND)
do_addtime(env, anchor, c);
}
}
/** cleanup key list */
static void
autr_cleanup_keys(struct trust_anchor* tp)
{
struct autr_ta* p, **prevp;
prevp = &tp->autr->keys;
p = tp->autr->keys;
while(p) {
/* do we want to remove this key? */
if(p->s == AUTR_STATE_START || p->s == AUTR_STATE_REMOVED ||
sldns_wirerr_get_type(p->rr, p->rr_len, p->dname_len)
!= LDNS_RR_TYPE_DNSKEY) {
struct autr_ta* np = p->next;
/* remove */
free(p->rr);
free(p);
/* snip and go to next item */
*prevp = np;
p = np;
continue;
}
/* remove pending counts if no longer pending */
if(p->s != AUTR_STATE_ADDPEND)
p->pending_count = 0;
prevp = &p->next;
p = p->next;
}
}
/** calculate next probe time */
static time_t
calc_next_probe(struct module_env* env, time_t wait)
{
/* make it random, 90-100% */
time_t rnd, rest;
if(!autr_permit_small_holddown) {
if(wait < 3600)
wait = 3600;
} else {
if(wait == 0) wait = 1;
}
rnd = wait/10;
rest = wait-rnd;
rnd = (time_t)ub_random_max(env->rnd, (long int)rnd);
return (time_t)(*env->now + rest + rnd);
}
/** what is first probe time (anchors must be locked) */
static time_t
wait_probe_time(struct val_anchors* anchors)
{
rbnode_type* t = rbtree_first(&anchors->autr->probe);
if(t != RBTREE_NULL)
return ((struct trust_anchor*)t->key)->autr->next_probe_time;
return 0;
}
/** reset worker timer */
static void
reset_worker_timer(struct module_env* env)
{
struct timeval tv;
#ifndef S_SPLINT_S
time_t next = (time_t)wait_probe_time(env->anchors);
/* in case this is libunbound, no timer */
if(!env->probe_timer)
return;
if(next > *env->now)
tv.tv_sec = (time_t)(next - *env->now);
else tv.tv_sec = 0;
#endif
tv.tv_usec = 0;
comm_timer_set(env->probe_timer, &tv);
verbose(VERB_ALGO, "scheduled next probe in " ARG_LL "d sec", (long long)tv.tv_sec);
}
/** set next probe for trust anchor */
static int
set_next_probe(struct module_env* env, struct trust_anchor* tp,
struct ub_packed_rrset_key* dnskey_rrset)
{
struct trust_anchor key, *tp2;
time_t mold, mnew;
/* use memory allocated in rrset for temporary name storage */
key.node.key = &key;
key.name = dnskey_rrset->rk.dname;
key.namelen = dnskey_rrset->rk.dname_len;
key.namelabs = dname_count_labels(key.name);
key.dclass = tp->dclass;
lock_basic_unlock(&tp->lock);
/* fetch tp again and lock anchors, so that we can modify the trees */
lock_basic_lock(&env->anchors->lock);
tp2 = (struct trust_anchor*)rbtree_search(env->anchors->tree, &key);
if(!tp2) {
verbose(VERB_ALGO, "trustpoint was deleted in set_next_probe");
lock_basic_unlock(&env->anchors->lock);
return 0;
}
log_assert(tp == tp2);
lock_basic_lock(&tp->lock);
/* schedule */
mold = wait_probe_time(env->anchors);
(void)rbtree_delete(&env->anchors->autr->probe, tp);
tp->autr->next_probe_time = calc_next_probe(env,
tp->autr->query_interval);
(void)rbtree_insert(&env->anchors->autr->probe, &tp->autr->pnode);
mnew = wait_probe_time(env->anchors);
lock_basic_unlock(&env->anchors->lock);
verbose(VERB_ALGO, "next probe set in %d seconds",
(int)tp->autr->next_probe_time - (int)*env->now);
if(mold != mnew) {
reset_worker_timer(env);
}
return 1;
}
/** Revoke and Delete a trust point */
static void
autr_tp_remove(struct module_env* env, struct trust_anchor* tp,
struct ub_packed_rrset_key* dnskey_rrset)
{
struct trust_anchor* del_tp;
struct trust_anchor key;
struct autr_point_data pd;
time_t mold, mnew;
log_nametypeclass(VERB_OPS, "trust point was revoked",
tp->name, LDNS_RR_TYPE_DNSKEY, tp->dclass);
tp->autr->revoked = 1;
/* use space allocated for dnskey_rrset to save name of anchor */
memset(&key, 0, sizeof(key));
memset(&pd, 0, sizeof(pd));
key.autr = &pd;
key.node.key = &key;
pd.pnode.key = &key;
pd.next_probe_time = tp->autr->next_probe_time;
key.name = dnskey_rrset->rk.dname;
key.namelen = tp->namelen;
key.namelabs = tp->namelabs;
key.dclass = tp->dclass;
/* unlock */
lock_basic_unlock(&tp->lock);
/* take from tree. It could be deleted by someone else,hence (void). */
lock_basic_lock(&env->anchors->lock);
del_tp = (struct trust_anchor*)rbtree_delete(env->anchors->tree, &key);
mold = wait_probe_time(env->anchors);
(void)rbtree_delete(&env->anchors->autr->probe, &key);
mnew = wait_probe_time(env->anchors);
anchors_init_parents_locked(env->anchors);
lock_basic_unlock(&env->anchors->lock);
/* if !del_tp then the trust point is no longer present in the tree,
* it was deleted by someone else, who will write the zonefile and
* clean up the structure */
if(del_tp) {
/* save on disk */
del_tp->autr->next_probe_time = 0; /* no more probing for it */
autr_write_file(env, del_tp);
/* delete */
autr_point_delete(del_tp);
}
if(mold != mnew) {
reset_worker_timer(env);
}
}
int autr_process_prime(struct module_env* env, struct val_env* ve,
struct trust_anchor* tp, struct ub_packed_rrset_key* dnskey_rrset)
{
int changed = 0;
log_assert(tp && tp->autr);
/* autotrust update trust anchors */
/* the tp is locked, and stays locked unless it is deleted */
/* we could just catch the anchor here while another thread
* is busy deleting it. Just unlock and let the other do its job */
if(tp->autr->revoked) {
log_nametypeclass(VERB_ALGO, "autotrust not processed, "
"trust point revoked", tp->name,
LDNS_RR_TYPE_DNSKEY, tp->dclass);
lock_basic_unlock(&tp->lock);
return 0; /* it is revoked */
}
/* query_dnskeys(): */
tp->autr->last_queried = *env->now;
log_nametypeclass(VERB_ALGO, "autotrust process for",
tp->name, LDNS_RR_TYPE_DNSKEY, tp->dclass);
/* see if time alone makes some keys valid */
autr_holddown_exceed(env, tp, &changed);
if(changed) {
verbose(VERB_ALGO, "autotrust: morekeys, reassemble");
if(!autr_assemble(tp)) {
log_err("malloc failure assembling autotrust keys");
return 1; /* unchanged */
}
}
/* did we get any data? */
if(!dnskey_rrset) {
verbose(VERB_ALGO, "autotrust: no dnskey rrset");
/* no update of query_failed, because then we would have
* to write to disk. But we cannot because we maybe are
* still 'initialising' with DS records, that we cannot write
* in the full format (which only contains KSKs). */
return 1; /* trust point exists */
}
/* check for revoked keys to remove immediately */
check_contains_revoked(env, ve, tp, dnskey_rrset, &changed);
if(changed) {
verbose(VERB_ALGO, "autotrust: revokedkeys, reassemble");
if(!autr_assemble(tp)) {
log_err("malloc failure assembling autotrust keys");
return 1; /* unchanged */
}
if(!tp->ds_rrset && !tp->dnskey_rrset) {
/* no more keys, all are revoked */
/* this is a success for this probe attempt */
tp->autr->last_success = *env->now;
autr_tp_remove(env, tp, dnskey_rrset);
return 0; /* trust point removed */
}
}
/* verify the dnskey rrset and see if it is valid. */
if(!verify_dnskey(env, ve, tp, dnskey_rrset)) {
verbose(VERB_ALGO, "autotrust: dnskey did not verify.");
/* only increase failure count if this is not the first prime,
* this means there was a previous successful probe */
if(tp->autr->last_success) {
tp->autr->query_failed += 1;
autr_write_file(env, tp);
}
return 1; /* trust point exists */
}
tp->autr->last_success = *env->now;
tp->autr->query_failed = 0;
/* Add new trust anchors to the data structure
* - note which trust anchors are seen this probe.
* Set trustpoint query_interval and retry_time.
* - find minimum rrsig expiration interval
*/
if(!update_events(env, ve, tp, dnskey_rrset, &changed)) {
log_err("malloc failure in autotrust update_events. "
"trust point unchanged.");
return 1; /* trust point unchanged, so exists */
}
/* - for every SEP key do the 5011 statetable.
* - remove missing trustanchors (if veryold and we have new anchors).
*/
if(!do_statetable(env, tp, &changed)) {
log_err("malloc failure in autotrust do_statetable. "
"trust point unchanged.");
return 1; /* trust point unchanged, so exists */
}
autr_cleanup_keys(tp);
if(!set_next_probe(env, tp, dnskey_rrset))
return 0; /* trust point does not exist */
autr_write_file(env, tp);
if(changed) {
verbose(VERB_ALGO, "autotrust: changed, reassemble");
if(!autr_assemble(tp)) {
log_err("malloc failure assembling autotrust keys");
return 1; /* unchanged */
}
if(!tp->ds_rrset && !tp->dnskey_rrset) {
/* no more keys, all are revoked */
autr_tp_remove(env, tp, dnskey_rrset);
return 0; /* trust point removed */
}
} else verbose(VERB_ALGO, "autotrust: no changes");
return 1; /* trust point exists */
}
/** debug print a trust anchor key */
static void
autr_debug_print_ta(struct autr_ta* ta)
{
char buf[32];
char* str = sldns_wire2str_rr(ta->rr, ta->rr_len);
if(!str) {
log_info("out of memory in debug_print_ta");
return;
}
if(str && str[0]) str[strlen(str)-1]=0; /* remove newline */
ctime_r(&ta->last_change, buf);
if(buf[0]) buf[strlen(buf)-1]=0; /* remove newline */
log_info("[%s] %s ;;state:%d ;;pending_count:%d%s%s last:%s",
trustanchor_state2str(ta->s), str, ta->s, ta->pending_count,
ta->fetched?" fetched":"", ta->revoked?" revoked":"", buf);
free(str);
}
/** debug print a trust point */
static void
autr_debug_print_tp(struct trust_anchor* tp)
{
struct autr_ta* ta;
char buf[257];
if(!tp->autr)
return;
dname_str(tp->name, buf);
log_info("trust point %s : %d", buf, (int)tp->dclass);
log_info("assembled %d DS and %d DNSKEYs",
(int)tp->numDS, (int)tp->numDNSKEY);
if(tp->ds_rrset) {
log_packed_rrset(0, "DS:", tp->ds_rrset);
}
if(tp->dnskey_rrset) {
log_packed_rrset(0, "DNSKEY:", tp->dnskey_rrset);
}
log_info("file %s", tp->autr->file);
ctime_r(&tp->autr->last_queried, buf);
if(buf[0]) buf[strlen(buf)-1]=0; /* remove newline */
log_info("last_queried: %u %s", (unsigned)tp->autr->last_queried, buf);
ctime_r(&tp->autr->last_success, buf);
if(buf[0]) buf[strlen(buf)-1]=0; /* remove newline */
log_info("last_success: %u %s", (unsigned)tp->autr->last_success, buf);
ctime_r(&tp->autr->next_probe_time, buf);
if(buf[0]) buf[strlen(buf)-1]=0; /* remove newline */
log_info("next_probe_time: %u %s", (unsigned)tp->autr->next_probe_time,
buf);
log_info("query_interval: %u", (unsigned)tp->autr->query_interval);
log_info("retry_time: %u", (unsigned)tp->autr->retry_time);
log_info("query_failed: %u", (unsigned)tp->autr->query_failed);
for(ta=tp->autr->keys; ta; ta=ta->next) {
autr_debug_print_ta(ta);
}
}
void
autr_debug_print(struct val_anchors* anchors)
{
struct trust_anchor* tp;
lock_basic_lock(&anchors->lock);
RBTREE_FOR(tp, struct trust_anchor*, anchors->tree) {
lock_basic_lock(&tp->lock);
autr_debug_print_tp(tp);
lock_basic_unlock(&tp->lock);
}
lock_basic_unlock(&anchors->lock);
}
void probe_answer_cb(void* arg, int ATTR_UNUSED(rcode),
sldns_buffer* ATTR_UNUSED(buf), enum sec_status ATTR_UNUSED(sec),
char* ATTR_UNUSED(why_bogus))
{
/* retry was set before the query was done,
* re-querytime is set when query succeeded, but that may not
* have reset this timer because the query could have been
* handled by another thread. In that case, this callback would
* get called after the original timeout is done.
* By not resetting the timer, it may probe more often, but not
* less often.
* Unless the new lookup resulted in smaller TTLs and thus smaller
* timeout values. In that case one old TTL could be mistakenly done.
*/
struct module_env* env = (struct module_env*)arg;
verbose(VERB_ALGO, "autotrust probe answer cb");
reset_worker_timer(env);
}
/** probe a trust anchor DNSKEY and unlocks tp */
static void
probe_anchor(struct module_env* env, struct trust_anchor* tp)
{
struct query_info qinfo;
uint16_t qflags = BIT_RD;
struct edns_data edns;
sldns_buffer* buf = env->scratch_buffer;
qinfo.qname = regional_alloc_init(env->scratch, tp->name, tp->namelen);
if(!qinfo.qname) {
log_err("out of memory making 5011 probe");
return;
}
qinfo.qname_len = tp->namelen;
qinfo.qtype = LDNS_RR_TYPE_DNSKEY;
qinfo.qclass = tp->dclass;
qinfo.local_alias = NULL;
log_query_info(VERB_ALGO, "autotrust probe", &qinfo);
verbose(VERB_ALGO, "retry probe set in %d seconds",
(int)tp->autr->next_probe_time - (int)*env->now);
edns.edns_present = 1;
edns.ext_rcode = 0;
edns.edns_version = 0;
edns.bits = EDNS_DO;
edns.opt_list = NULL;
if(sldns_buffer_capacity(buf) < 65535)
edns.udp_size = (uint16_t)sldns_buffer_capacity(buf);
else edns.udp_size = 65535;
/* can't hold the lock while mesh_run is processing */
lock_basic_unlock(&tp->lock);
/* delete the DNSKEY from rrset and key cache so an active probe
* is done. First the rrset so another thread does not use it
* to recreate the key entry in a race condition. */
rrset_cache_remove(env->rrset_cache, qinfo.qname, qinfo.qname_len,
qinfo.qtype, qinfo.qclass, 0);
key_cache_remove(env->key_cache, qinfo.qname, qinfo.qname_len,
qinfo.qclass);
if(!mesh_new_callback(env->mesh, &qinfo, qflags, &edns, buf, 0,
&probe_answer_cb, env)) {
log_err("out of memory making 5011 probe");
}
}
/** fetch first to-probe trust-anchor and lock it and set retrytime */
static struct trust_anchor*
todo_probe(struct module_env* env, time_t* next)
{
struct trust_anchor* tp;
rbnode_type* el;
/* get first one */
lock_basic_lock(&env->anchors->lock);
if( (el=rbtree_first(&env->anchors->autr->probe)) == RBTREE_NULL) {
/* in case of revoked anchors */
lock_basic_unlock(&env->anchors->lock);
/* signal that there are no anchors to probe */
*next = 0;
return NULL;
}
tp = (struct trust_anchor*)el->key;
lock_basic_lock(&tp->lock);
/* is it eligible? */
if((time_t)tp->autr->next_probe_time > *env->now) {
/* no more to probe */
*next = (time_t)tp->autr->next_probe_time - *env->now;
lock_basic_unlock(&tp->lock);
lock_basic_unlock(&env->anchors->lock);
return NULL;
}
/* reset its next probe time */
(void)rbtree_delete(&env->anchors->autr->probe, tp);
tp->autr->next_probe_time = calc_next_probe(env, tp->autr->retry_time);
(void)rbtree_insert(&env->anchors->autr->probe, &tp->autr->pnode);
lock_basic_unlock(&env->anchors->lock);
return tp;
}
time_t
autr_probe_timer(struct module_env* env)
{
struct trust_anchor* tp;
time_t next_probe = 3600;
int num = 0;
if(autr_permit_small_holddown) next_probe = 1;
verbose(VERB_ALGO, "autotrust probe timer callback");
/* while there are still anchors to probe */
while( (tp = todo_probe(env, &next_probe)) ) {
/* make a probe for this anchor */
probe_anchor(env, tp);
num++;
}
regional_free_all(env->scratch);
if(next_probe == 0)
return 0; /* no trust points to probe */
verbose(VERB_ALGO, "autotrust probe timer %d callbacks done", num);
return next_probe;
}