contrib/bind-9.2.4rc7/lib/dns/keytable.c

   1 /*
   2  * Copyright (C) 2004  Internet Systems Consortium, Inc. ("ISC")
   3  * Copyright (C) 2000, 2001  Internet Software Consortium.
   4  *
   5  * Permission to use, copy, modify, and distribute this software for any
   6  * purpose with or without fee is hereby granted, provided that the above
   7  * copyright notice and this permission notice appear in all copies.
   8  *
   9  * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
  10  * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
  11  * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
  12  * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
  13  * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
  14  * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  15  * PERFORMANCE OF THIS SOFTWARE.
  16  */
  17
  18 /* $Id: keytable.c,v 1.26.2.1 2004/03/09 06:11:02 marka Exp $ */
  19
  20 #include <config.h>
  21
  22 #include <isc/mem.h>
  23 #include <isc/rwlock.h>
  24 #include <isc/string.h>         /* Required for HP/UX (and others?) */
  25 #include <isc/util.h>
  26
  27 #include <dns/keytable.h>
  28 #include <dns/fixedname.h>
  29 #include <dns/rbt.h>
  30 #include <dns/result.h>
  31
  32 struct dns_keytable {
  33         /* Unlocked. */
  34         unsigned int            magic;
  35         isc_mem_t               *mctx;
  36         isc_mutex_t             lock;
  37         isc_rwlock_t            rwlock;
  38         /* Locked by lock. */
  39         isc_uint32_t            active_nodes;
  40         /* Locked by rwlock. */
  41         isc_uint32_t            references;
  42         dns_rbt_t               *table;
  43 };
  44
  45 #define KEYTABLE_MAGIC                  ISC_MAGIC('K', 'T', 'b', 'l')
  46 #define VALID_KEYTABLE(kt)              ISC_MAGIC_VALID(kt, KEYTABLE_MAGIC)
  47
  48 struct dns_keynode {
  49         unsigned int            magic;
  50         dst_key_t *             key;
  51         struct dns_keynode *    next;
  52 };
  53
  54 #define KEYNODE_MAGIC                   ISC_MAGIC('K', 'N', 'o', 'd')
  55 #define VALID_KEYNODE(kn)               ISC_MAGIC_VALID(kn, KEYNODE_MAGIC)
  56
  57 static void
  58 free_keynode(void *node, void *arg) {
  59         dns_keynode_t *keynode = node;
  60         isc_mem_t *mctx = arg;
  61
  62         REQUIRE(VALID_KEYNODE(keynode));
  63         dst_key_free(&keynode->key);
  64         if (keynode->next != NULL)
  65                 free_keynode(keynode->next, mctx);
  66         isc_mem_put(mctx, keynode, sizeof(dns_keynode_t));
  67 }
  68
  69 isc_result_t
  70 dns_keytable_create(isc_mem_t *mctx, dns_keytable_t **keytablep) {
  71         dns_keytable_t *keytable;
  72         isc_result_t result;
  73
  74         /*
  75          * Create a keytable.
  76          */
  77
  78         REQUIRE(keytablep != NULL && *keytablep == NULL);
  79
  80         keytable = isc_mem_get(mctx, sizeof *keytable);
  81         if (keytable == NULL)
  82                 return (ISC_R_NOMEMORY);
  83
  84         keytable->table = NULL;
  85         result = dns_rbt_create(mctx, free_keynode, mctx, &keytable->table);
  86         if (result != ISC_R_SUCCESS)
  87                 goto cleanup_keytable;
  88
  89         result = isc_mutex_init(&keytable->lock);
  90         if (result != ISC_R_SUCCESS) {
  91                 UNEXPECTED_ERROR(__FILE__, __LINE__,
  92                                  "isc_mutex_init() failed: %s",
  93                                  isc_result_totext(result));
  94                 result = ISC_R_UNEXPECTED;
  95                 goto cleanup_rbt;
  96         }
  97
  98         result = isc_rwlock_init(&keytable->rwlock, 0, 0);
  99         if (result != ISC_R_SUCCESS) {
 100                 UNEXPECTED_ERROR(__FILE__, __LINE__,
 101                                  "isc_rwlock_init() failed: %s",
 102                                  isc_result_totext(result));
 103                 result = ISC_R_UNEXPECTED;
 104                 goto cleanup_lock;
 105         }
 106
 107         keytable->mctx = mctx;
 108         keytable->active_nodes = 0;
 109         keytable->references = 1;
 110         keytable->magic = KEYTABLE_MAGIC;
 111         *keytablep = keytable;
 112
 113         return (ISC_R_SUCCESS);
 114
 115    cleanup_lock:
 116         DESTROYLOCK(&keytable->lock);
 117
 118    cleanup_rbt:
 119         dns_rbt_destroy(&keytable->table);
 120
 121    cleanup_keytable:
 122         isc_mem_put(mctx, keytable, sizeof *keytable);
 123
 124         return (result);
 125 }
 126
 127
 128 void
 129 dns_keytable_attach(dns_keytable_t *source, dns_keytable_t **targetp) {
 130
 131         /*
 132          * Attach *targetp to source.
 133          */
 134
 135         REQUIRE(VALID_KEYTABLE(source));
 136         REQUIRE(targetp != NULL && *targetp == NULL);
 137
 138         RWLOCK(&source->rwlock, isc_rwlocktype_write);
 139
 140         INSIST(source->references > 0);
 141         source->references++;
 142         INSIST(source->references != 0);
 143
 144         RWUNLOCK(&source->rwlock, isc_rwlocktype_write);
 145
 146         *targetp = source;
 147 }
 148
 149 void
 150 dns_keytable_detach(dns_keytable_t **keytablep) {
 151         isc_boolean_t destroy = ISC_FALSE;
 152         dns_keytable_t *keytable;
 153
 154         /*
 155          * Detach *keytablep from its keytable.
 156          */
 157
 158         REQUIRE(keytablep != NULL && VALID_KEYTABLE(*keytablep));
 159
 160         keytable = *keytablep;
 161
 162         RWLOCK(&keytable->rwlock, isc_rwlocktype_write);
 163
 164         INSIST(keytable->references > 0);
 165         keytable->references--;
 166         LOCK(&keytable->lock);
 167         if (keytable->references == 0 && keytable->active_nodes == 0)
 168                 destroy = ISC_TRUE;
 169         UNLOCK(&keytable->lock);
 170
 171         RWUNLOCK(&keytable->rwlock, isc_rwlocktype_write);
 172
 173         if (destroy) {
 174                 dns_rbt_destroy(&keytable->table);
 175                 isc_rwlock_destroy(&keytable->rwlock);
 176                 DESTROYLOCK(&keytable->lock);
 177                 keytable->magic = 0;
 178                 isc_mem_put(keytable->mctx, keytable, sizeof *keytable);
 179         }
 180
 181         *keytablep = NULL;
 182 }
 183
 184 isc_result_t
 185 dns_keytable_add(dns_keytable_t *keytable, dst_key_t **keyp) {
 186         isc_result_t result;
 187         dns_keynode_t *knode;
 188         dns_rbtnode_t *node;
 189         dns_name_t *keyname;
 190
 191         /*
 192          * Add '*keyp' to 'keytable'.
 193          */
 194
 195         REQUIRE(VALID_KEYTABLE(keytable));
 196         REQUIRE(keyp != NULL);
 197
 198         keyname = dst_key_name(*keyp);
 199
 200         knode = isc_mem_get(keytable->mctx, sizeof *knode);
 201         if (knode == NULL)
 202                 return (ISC_R_NOMEMORY);
 203
 204         RWLOCK(&keytable->rwlock, isc_rwlocktype_write);
 205
 206         node = NULL;
 207         result = dns_rbt_addnode(keytable->table, keyname, &node);
 208
 209         if (result == ISC_R_SUCCESS || result == ISC_R_EXISTS) {
 210                 knode->magic = KEYNODE_MAGIC;
 211                 knode->key = *keyp;
 212                 knode->next = node->data;
 213                 node->data = knode;
 214                 *keyp = NULL;
 215                 knode = NULL;
 216                 result = ISC_R_SUCCESS;
 217         }
 218
 219         RWUNLOCK(&keytable->rwlock, isc_rwlocktype_write);
 220
 221         if (knode != NULL)
 222                 isc_mem_put(keytable->mctx, knode, sizeof *knode);
 223
 224         return (result);
 225 }
 226
 227 isc_result_t
 228 dns_keytable_findkeynode(dns_keytable_t *keytable, dns_name_t *name,
 229                          dns_secalg_t algorithm, dns_keytag_t tag,
 230                          dns_keynode_t **keynodep)
 231 {
 232         isc_result_t result;
 233         dns_keynode_t *knode;
 234         void *data;
 235
 236         /*
 237          * Search for a key named 'name', matching 'algorithm' and 'tag' in
 238          * 'keytable'.
 239          */
 240
 241         REQUIRE(VALID_KEYTABLE(keytable));
 242         REQUIRE(dns_name_isabsolute(name));
 243         REQUIRE(keynodep != NULL && *keynodep == NULL);
 244
 245         RWLOCK(&keytable->rwlock, isc_rwlocktype_read);
 246
 247         knode = NULL;
 248         data = NULL;
 249         result = dns_rbt_findname(keytable->table, name, 0, NULL, &data);
 250
 251         if (result == ISC_R_SUCCESS) {
 252                 INSIST(data != NULL);
 253                 for (knode = data; knode != NULL; knode = knode->next) {
 254                         if (algorithm == dst_key_alg(knode->key)
 255                             && tag == dst_key_id(knode->key))
 256                                 break;
 257                 }
 258                 if (knode != NULL) {
 259                         LOCK(&keytable->lock);
 260                         keytable->active_nodes++;
 261                         UNLOCK(&keytable->lock);
 262                         *keynodep = knode;
 263                 } else
 264                         result = ISC_R_NOTFOUND;
 265         } else if (result == DNS_R_PARTIALMATCH)
 266                 result = ISC_R_NOTFOUND;
 267
 268         RWUNLOCK(&keytable->rwlock, isc_rwlocktype_read);
 269
 270         return (result);
 271 }
 272
 273 isc_result_t
 274 dns_keytable_findnextkeynode(dns_keytable_t *keytable, dns_keynode_t *keynode,
 275                              dns_keynode_t **nextnodep)
 276 {
 277         isc_result_t result;
 278         dns_keynode_t *knode;
 279
 280         /*
 281          * Search for the next key with the same properties as 'keynode' in
 282          * 'keytable'.
 283          */
 284
 285         REQUIRE(VALID_KEYTABLE(keytable));
 286         REQUIRE(VALID_KEYNODE(keynode));
 287         REQUIRE(nextnodep != NULL && *nextnodep == NULL);
 288
 289         for (knode = keynode->next; knode != NULL; knode = knode->next) {
 290                 if (dst_key_alg(keynode->key) == dst_key_alg(knode->key) &&
 291                     dst_key_id(keynode->key) == dst_key_id(knode->key))
 292                         break;
 293         }
 294         if (knode != NULL) {
 295                 LOCK(&keytable->lock);
 296                 keytable->active_nodes++;
 297                 UNLOCK(&keytable->lock);
 298                 result = ISC_R_SUCCESS;
 299                 *nextnodep = knode;
 300         } else
 301                 result = ISC_R_NOTFOUND;
 302
 303         return (result);
 304 }
 305
 306 isc_result_t
 307 dns_keytable_finddeepestmatch(dns_keytable_t *keytable, dns_name_t *name,
 308                               dns_name_t *foundname)
 309 {
 310         isc_result_t result;
 311         void *data;
 312
 313         /*
 314          * Search for the deepest match in 'keytable'.
 315          */
 316
 317         REQUIRE(VALID_KEYTABLE(keytable));
 318         REQUIRE(dns_name_isabsolute(name));
 319         REQUIRE(foundname != NULL);
 320
 321         RWLOCK(&keytable->rwlock, isc_rwlocktype_read);
 322
 323         data = NULL;
 324         result = dns_rbt_findname(keytable->table, name, 0, foundname, &data);
 325
 326         if (result == ISC_R_SUCCESS || result == DNS_R_PARTIALMATCH)
 327                 result = ISC_R_SUCCESS;
 328
 329         RWUNLOCK(&keytable->rwlock, isc_rwlocktype_read);
 330
 331         return (result);
 332 }
 333
 334 void
 335 dns_keytable_detachkeynode(dns_keytable_t *keytable, dns_keynode_t **keynodep)
 336 {
 337         /*
 338          * Give back a keynode found via dns_keytable_findkeynode().
 339          */
 340
 341         REQUIRE(VALID_KEYTABLE(keytable));
 342         REQUIRE(keynodep != NULL && VALID_KEYNODE(*keynodep));
 343
 344         LOCK(&keytable->lock);
 345         INSIST(keytable->active_nodes > 0);
 346         keytable->active_nodes--;
 347         UNLOCK(&keytable->lock);
 348
 349         *keynodep = NULL;
 350 }
 351
 352 isc_result_t
 353 dns_keytable_issecuredomain(dns_keytable_t *keytable, dns_name_t *name,
 354                             isc_boolean_t *wantdnssecp)
 355 {
 356         isc_result_t result;
 357         void *data;
 358
 359         /*
 360          * Is 'name' at or beneath a trusted key?
 361          */
 362
 363         REQUIRE(VALID_KEYTABLE(keytable));
 364         REQUIRE(dns_name_isabsolute(name));
 365         REQUIRE(wantdnssecp != NULL);
 366
 367         RWLOCK(&keytable->rwlock, isc_rwlocktype_read);
 368
 369         data = NULL;
 370         result = dns_rbt_findname(keytable->table, name, 0, NULL, &data);
 371
 372         if (result == ISC_R_SUCCESS || result == DNS_R_PARTIALMATCH) {
 373                 INSIST(data != NULL);
 374                 *wantdnssecp = ISC_TRUE;
 375                 result = ISC_R_SUCCESS;
 376         } else if (result == ISC_R_NOTFOUND) {
 377                 *wantdnssecp = ISC_FALSE;
 378                 result = ISC_R_SUCCESS;
 379         }
 380
 381         RWUNLOCK(&keytable->rwlock, isc_rwlocktype_read);
 382
 383         return (result);
 384 }
 385
 386 dst_key_t *
 387 dns_keynode_key(dns_keynode_t *keynode) {
 388
 389         /*
 390          * Get the DST key associated with keynode.
 391          */
 392
 393         REQUIRE(VALID_KEYNODE(keynode));
 394
 395         return (keynode->key);
 396 }