contrib/bind-9.3/lib/dns/keytable.c

   1 /*
   2  * Copyright (C) 2004, 2006  Internet Systems Consortium, Inc. ("ISC")
   3  * Copyright (C) 2000, 2001  Internet Software Consortium.
   4  *
   5  * Permission to use, copy, modify, and distribute this software for any
   6  * purpose with or without fee is hereby granted, provided that the above
   7  * copyright notice and this permission notice appear in all copies.
   8  *
   9  * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
  10  * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
  11  * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
  12  * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
  13  * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
  14  * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  15  * PERFORMANCE OF THIS SOFTWARE.
  16  */
  17
  18 /* $Id: keytable.c,v 1.26.12.5 2006/01/06 00:01:42 marka Exp $ */
  19
  20 #include <config.h>
  21
  22 #include <isc/mem.h>
  23 #include <isc/rwlock.h>
  24 #include <isc/string.h>         /* Required for HP/UX (and others?) */
  25 #include <isc/util.h>
  26
  27 #include <dns/keytable.h>
  28 #include <dns/fixedname.h>
  29 #include <dns/rbt.h>
  30 #include <dns/result.h>
  31
  32 struct dns_keytable {
  33         /* Unlocked. */
  34         unsigned int            magic;
  35         isc_mem_t               *mctx;
  36         isc_mutex_t             lock;
  37         isc_rwlock_t            rwlock;
  38         /* Locked by lock. */
  39         isc_uint32_t            active_nodes;
  40         /* Locked by rwlock. */
  41         isc_uint32_t            references;
  42         dns_rbt_t               *table;
  43 };
  44
  45 #define KEYTABLE_MAGIC                  ISC_MAGIC('K', 'T', 'b', 'l')
  46 #define VALID_KEYTABLE(kt)              ISC_MAGIC_VALID(kt, KEYTABLE_MAGIC)
  47
  48 struct dns_keynode {
  49         unsigned int            magic;
  50         dst_key_t *             key;
  51         struct dns_keynode *    next;
  52 };
  53
  54 #define KEYNODE_MAGIC                   ISC_MAGIC('K', 'N', 'o', 'd')
  55 #define VALID_KEYNODE(kn)               ISC_MAGIC_VALID(kn, KEYNODE_MAGIC)
  56
  57 static void
  58 free_keynode(void *node, void *arg) {
  59         dns_keynode_t *keynode = node;
  60         isc_mem_t *mctx = arg;
  61
  62         REQUIRE(VALID_KEYNODE(keynode));
  63         dst_key_free(&keynode->key);
  64         if (keynode->next != NULL)
  65                 free_keynode(keynode->next, mctx);
  66         isc_mem_put(mctx, keynode, sizeof(dns_keynode_t));
  67 }
  68
  69 isc_result_t
  70 dns_keytable_create(isc_mem_t *mctx, dns_keytable_t **keytablep) {
  71         dns_keytable_t *keytable;
  72         isc_result_t result;
  73
  74         /*
  75          * Create a keytable.
  76          */
  77
  78         REQUIRE(keytablep != NULL && *keytablep == NULL);
  79
  80         keytable = isc_mem_get(mctx, sizeof(*keytable));
  81         if (keytable == NULL)
  82                 return (ISC_R_NOMEMORY);
  83
  84         keytable->table = NULL;
  85         result = dns_rbt_create(mctx, free_keynode, mctx, &keytable->table);
  86         if (result != ISC_R_SUCCESS)
  87                 goto cleanup_keytable;
  88
  89         result = isc_mutex_init(&keytable->lock);
  90         if (result != ISC_R_SUCCESS) {
  91                 UNEXPECTED_ERROR(__FILE__, __LINE__,
  92                                  "isc_mutex_init() failed: %s",
  93                                  isc_result_totext(result));
  94                 result = ISC_R_UNEXPECTED;
  95                 goto cleanup_rbt;
  96         }
  97
  98         result = isc_rwlock_init(&keytable->rwlock, 0, 0);
  99         if (result != ISC_R_SUCCESS) {
 100                 UNEXPECTED_ERROR(__FILE__, __LINE__,
 101                                  "isc_rwlock_init() failed: %s",
 102                                  isc_result_totext(result));
 103                 result = ISC_R_UNEXPECTED;
 104                 goto cleanup_lock;
 105         }
 106
 107         keytable->mctx = mctx;
 108         keytable->active_nodes = 0;
 109         keytable->references = 1;
 110         keytable->magic = KEYTABLE_MAGIC;
 111         *keytablep = keytable;
 112
 113         return (ISC_R_SUCCESS);
 114
 115    cleanup_lock:
 116         DESTROYLOCK(&keytable->lock);
 117
 118    cleanup_rbt:
 119         dns_rbt_destroy(&keytable->table);
 120
 121    cleanup_keytable:
 122         isc_mem_put(mctx, keytable, sizeof(*keytable));
 123
 124         return (result);
 125 }
 126
 127
 128 void
 129 dns_keytable_attach(dns_keytable_t *source, dns_keytable_t **targetp) {
 130
 131         /*
 132          * Attach *targetp to source.
 133          */
 134
 135         REQUIRE(VALID_KEYTABLE(source));
 136         REQUIRE(targetp != NULL && *targetp == NULL);
 137
 138         RWLOCK(&source->rwlock, isc_rwlocktype_write);
 139
 140         INSIST(source->references > 0);
 141         source->references++;
 142         INSIST(source->references != 0);
 143
 144         RWUNLOCK(&source->rwlock, isc_rwlocktype_write);
 145
 146         *targetp = source;
 147 }
 148
 149 void
 150 dns_keytable_detach(dns_keytable_t **keytablep) {
 151         isc_boolean_t destroy = ISC_FALSE;
 152         dns_keytable_t *keytable;
 153
 154         /*
 155          * Detach *keytablep from its keytable.
 156          */
 157
 158         REQUIRE(keytablep != NULL && VALID_KEYTABLE(*keytablep));
 159
 160         keytable = *keytablep;
 161
 162         RWLOCK(&keytable->rwlock, isc_rwlocktype_write);
 163
 164         INSIST(keytable->references > 0);
 165         keytable->references--;
 166         LOCK(&keytable->lock);
 167         if (keytable->references == 0 && keytable->active_nodes == 0)
 168                 destroy = ISC_TRUE;
 169         UNLOCK(&keytable->lock);
 170
 171         RWUNLOCK(&keytable->rwlock, isc_rwlocktype_write);
 172
 173         if (destroy) {
 174                 dns_rbt_destroy(&keytable->table);
 175                 isc_rwlock_destroy(&keytable->rwlock);
 176                 DESTROYLOCK(&keytable->lock);
 177                 keytable->magic = 0;
 178                 isc_mem_put(keytable->mctx, keytable, sizeof(*keytable));
 179         }
 180
 181         *keytablep = NULL;
 182 }
 183
 184 isc_result_t
 185 dns_keytable_add(dns_keytable_t *keytable, dst_key_t **keyp) {
 186         isc_result_t result;
 187         dns_keynode_t *knode;
 188         dns_rbtnode_t *node;
 189         dns_name_t *keyname;
 190
 191         /*
 192          * Add '*keyp' to 'keytable'.
 193          */
 194
 195         REQUIRE(VALID_KEYTABLE(keytable));
 196         REQUIRE(keyp != NULL);
 197
 198         keyname = dst_key_name(*keyp);
 199
 200         knode = isc_mem_get(keytable->mctx, sizeof(*knode));
 201         if (knode == NULL)
 202                 return (ISC_R_NOMEMORY);
 203
 204         RWLOCK(&keytable->rwlock, isc_rwlocktype_write);
 205
 206         node = NULL;
 207         result = dns_rbt_addnode(keytable->table, keyname, &node);
 208
 209         if (result == ISC_R_SUCCESS || result == ISC_R_EXISTS) {
 210                 knode->magic = KEYNODE_MAGIC;
 211                 knode->key = *keyp;
 212                 knode->next = node->data;
 213                 node->data = knode;
 214                 *keyp = NULL;
 215                 knode = NULL;
 216                 result = ISC_R_SUCCESS;
 217         }
 218
 219         RWUNLOCK(&keytable->rwlock, isc_rwlocktype_write);
 220
 221         if (knode != NULL)
 222                 isc_mem_put(keytable->mctx, knode, sizeof(*knode));
 223
 224         return (result);
 225 }
 226
 227 isc_result_t
 228 dns_keytable_findkeynode(dns_keytable_t *keytable, dns_name_t *name,
 229                          dns_secalg_t algorithm, dns_keytag_t tag,
 230                          dns_keynode_t **keynodep)
 231 {
 232         isc_result_t result;
 233         dns_keynode_t *knode;
 234         void *data;
 235
 236         /*
 237          * Search for a key named 'name', matching 'algorithm' and 'tag' in
 238          * 'keytable'.
 239          */
 240
 241         REQUIRE(VALID_KEYTABLE(keytable));
 242         REQUIRE(dns_name_isabsolute(name));
 243         REQUIRE(keynodep != NULL && *keynodep == NULL);
 244
 245         RWLOCK(&keytable->rwlock, isc_rwlocktype_read);
 246
 247         /*
 248          * Note we don't want the DNS_R_PARTIALMATCH from dns_rbt_findname()
 249          * as that indicates that 'name' was not found.
 250          *
 251          * DNS_R_PARTIALMATCH indicates that the name was found but we
 252          * didn't get a match on algorithm and key id arguments.
 253          */
 254         knode = NULL;
 255         data = NULL;
 256         result = dns_rbt_findname(keytable->table, name, 0, NULL, &data);
 257
 258         if (result == ISC_R_SUCCESS) {
 259                 INSIST(data != NULL);
 260                 for (knode = data; knode != NULL; knode = knode->next) {
 261                         if (algorithm == dst_key_alg(knode->key)
 262                             && tag == dst_key_id(knode->key))
 263                                 break;
 264                 }
 265                 if (knode != NULL) {
 266                         LOCK(&keytable->lock);
 267                         keytable->active_nodes++;
 268                         UNLOCK(&keytable->lock);
 269                         *keynodep = knode;
 270                 } else
 271                         result = DNS_R_PARTIALMATCH;
 272         } else if (result == DNS_R_PARTIALMATCH)
 273                 result = ISC_R_NOTFOUND;
 274
 275         RWUNLOCK(&keytable->rwlock, isc_rwlocktype_read);
 276
 277         return (result);
 278 }
 279
 280 isc_result_t
 281 dns_keytable_findnextkeynode(dns_keytable_t *keytable, dns_keynode_t *keynode,
 282                              dns_keynode_t **nextnodep)
 283 {
 284         isc_result_t result;
 285         dns_keynode_t *knode;
 286
 287         /*
 288          * Search for the next key with the same properties as 'keynode' in
 289          * 'keytable'.
 290          */
 291
 292         REQUIRE(VALID_KEYTABLE(keytable));
 293         REQUIRE(VALID_KEYNODE(keynode));
 294         REQUIRE(nextnodep != NULL && *nextnodep == NULL);
 295
 296         for (knode = keynode->next; knode != NULL; knode = knode->next) {
 297                 if (dst_key_alg(keynode->key) == dst_key_alg(knode->key) &&
 298                     dst_key_id(keynode->key) == dst_key_id(knode->key))
 299                         break;
 300         }
 301         if (knode != NULL) {
 302                 LOCK(&keytable->lock);
 303                 keytable->active_nodes++;
 304                 UNLOCK(&keytable->lock);
 305                 result = ISC_R_SUCCESS;
 306                 *nextnodep = knode;
 307         } else
 308                 result = ISC_R_NOTFOUND;
 309
 310         return (result);
 311 }
 312
 313 isc_result_t
 314 dns_keytable_finddeepestmatch(dns_keytable_t *keytable, dns_name_t *name,
 315                               dns_name_t *foundname)
 316 {
 317         isc_result_t result;
 318         void *data;
 319
 320         /*
 321          * Search for the deepest match in 'keytable'.
 322          */
 323
 324         REQUIRE(VALID_KEYTABLE(keytable));
 325         REQUIRE(dns_name_isabsolute(name));
 326         REQUIRE(foundname != NULL);
 327
 328         RWLOCK(&keytable->rwlock, isc_rwlocktype_read);
 329
 330         data = NULL;
 331         result = dns_rbt_findname(keytable->table, name, 0, foundname, &data);
 332
 333         if (result == ISC_R_SUCCESS || result == DNS_R_PARTIALMATCH)
 334                 result = ISC_R_SUCCESS;
 335
 336         RWUNLOCK(&keytable->rwlock, isc_rwlocktype_read);
 337
 338         return (result);
 339 }
 340
 341 void
 342 dns_keytable_detachkeynode(dns_keytable_t *keytable, dns_keynode_t **keynodep)
 343 {
 344         /*
 345          * Give back a keynode found via dns_keytable_findkeynode().
 346          */
 347
 348         REQUIRE(VALID_KEYTABLE(keytable));
 349         REQUIRE(keynodep != NULL && VALID_KEYNODE(*keynodep));
 350
 351         LOCK(&keytable->lock);
 352         INSIST(keytable->active_nodes > 0);
 353         keytable->active_nodes--;
 354         UNLOCK(&keytable->lock);
 355
 356         *keynodep = NULL;
 357 }
 358
 359 isc_result_t
 360 dns_keytable_issecuredomain(dns_keytable_t *keytable, dns_name_t *name,
 361                             isc_boolean_t *wantdnssecp)
 362 {
 363         isc_result_t result;
 364         void *data;
 365
 366         /*
 367          * Is 'name' at or beneath a trusted key?
 368          */
 369
 370         REQUIRE(VALID_KEYTABLE(keytable));
 371         REQUIRE(dns_name_isabsolute(name));
 372         REQUIRE(wantdnssecp != NULL);
 373
 374         RWLOCK(&keytable->rwlock, isc_rwlocktype_read);
 375
 376         data = NULL;
 377         result = dns_rbt_findname(keytable->table, name, 0, NULL, &data);
 378
 379         if (result == ISC_R_SUCCESS || result == DNS_R_PARTIALMATCH) {
 380                 INSIST(data != NULL);
 381                 *wantdnssecp = ISC_TRUE;
 382                 result = ISC_R_SUCCESS;
 383         } else if (result == ISC_R_NOTFOUND) {
 384                 *wantdnssecp = ISC_FALSE;
 385                 result = ISC_R_SUCCESS;
 386         }
 387
 388         RWUNLOCK(&keytable->rwlock, isc_rwlocktype_read);
 389
 390         return (result);
 391 }
 392
 393 dst_key_t *
 394 dns_keynode_key(dns_keynode_t *keynode) {
 395
 396         /*
 397          * Get the DST key associated with keynode.
 398          */
 399
 400         REQUIRE(VALID_KEYNODE(keynode));
 401
 402         return (keynode->key);
 403 }