int
local_zones_apply_cfg(struct local_zones* zones, struct config_file* cfg)
{
/* create zones from zone statements. */
if(!lz_enter_zones(zones, cfg)) {
return 0;
}
/* apply default zones+content (unless disabled, or overridden) */
if(!lz_enter_defaults(zones, cfg)) {
return 0;
}
/* enter local zone overrides */
if(!lz_enter_overrides(zones, cfg)) {
return 0;
}
/* create implicit transparent zone from data. */
if(!lz_setup_implicit(zones, cfg)) {
return 0;
}
/* setup parent ptrs for lookup during data entry */
init_parents(zones);
/* insert local zone tags */
if(!lz_enter_zone_tags(zones, cfg)) {
return 0;
}
/* insert local data */
if(!lz_enter_data(zones, cfg)) {
return 0;
}
/* freeup memory from cfg struct. */
lz_freeup_cfg(cfg);
return 1;
}
int
anchors_apply_cfg(struct val_anchors* anchors, struct config_file* cfg)
{
struct config_strlist* f;
char* nm;
ldns_buffer* parsebuf = ldns_buffer_new(65535);
for(f = cfg->domain_insecure; f; f = f->next) {
if(!f->str || f->str[0] == 0) /* empty "" */
continue;
if(!anchor_insert_insecure(anchors, f->str)) {
log_err("error in domain-insecure: %s", f->str);
ldns_buffer_free(parsebuf);
return 0;
}
}
for(f = cfg->trust_anchor_file_list; f; f = f->next) {
if(!f->str || f->str[0] == 0) /* empty "" */
continue;
nm = f->str;
if(cfg->chrootdir && cfg->chrootdir[0] && strncmp(nm,
cfg->chrootdir, strlen(cfg->chrootdir)) == 0)
nm += strlen(cfg->chrootdir);
if(!anchor_read_file(anchors, parsebuf, nm, 0)) {
log_err("error reading trust-anchor-file: %s", f->str);
ldns_buffer_free(parsebuf);
return 0;
}
}
for(f = cfg->trusted_keys_file_list; f; f = f->next) {
if(!f->str || f->str[0] == 0) /* empty "" */
continue;
nm = f->str;
if(cfg->chrootdir && cfg->chrootdir[0] && strncmp(nm,
cfg->chrootdir, strlen(cfg->chrootdir)) == 0)
nm += strlen(cfg->chrootdir);
if(!anchor_read_bind_file_wild(anchors, parsebuf, nm)) {
log_err("error reading trusted-keys-file: %s", f->str);
ldns_buffer_free(parsebuf);
return 0;
}
}
for(f = cfg->trust_anchor_list; f; f = f->next) {
if(!f->str || f->str[0] == 0) /* empty "" */
continue;
if(!anchor_store_str(anchors, parsebuf, f->str)) {
log_err("error in trust-anchor: \"%s\"", f->str);
ldns_buffer_free(parsebuf);
return 0;
}
}
if(cfg->dlv_anchor_file && cfg->dlv_anchor_file[0] != 0) {
struct trust_anchor* dlva;
nm = cfg->dlv_anchor_file;
if(cfg->chrootdir && cfg->chrootdir[0] && strncmp(nm,
cfg->chrootdir, strlen(cfg->chrootdir)) == 0)
nm += strlen(cfg->chrootdir);
if(!(dlva = anchor_read_file(anchors, parsebuf,
nm, 1))) {
log_err("error reading dlv-anchor-file: %s",
cfg->dlv_anchor_file);
ldns_buffer_free(parsebuf);
return 0;
}
lock_basic_lock(&anchors->lock);
anchors->dlv_anchor = dlva;
lock_basic_unlock(&anchors->lock);
}
for(f = cfg->dlv_anchor_list; f; f = f->next) {
struct trust_anchor* dlva;
if(!f->str || f->str[0] == 0) /* empty "" */
continue;
if(!(dlva = anchor_store_str(
anchors, parsebuf, f->str))) {
log_err("error in dlv-anchor: \"%s\"", f->str);
ldns_buffer_free(parsebuf);
return 0;
}
lock_basic_lock(&anchors->lock);
anchors->dlv_anchor = dlva;
lock_basic_unlock(&anchors->lock);
}
/* do autr last, so that it sees what anchors are filled by other
* means can can print errors about double config for the name */
for(f = cfg->auto_trust_anchor_file_list; f; f = f->next) {
if(!f->str || f->str[0] == 0) /* empty "" */
continue;
nm = f->str;
if(cfg->chrootdir && cfg->chrootdir[0] && strncmp(nm,
cfg->chrootdir, strlen(cfg->chrootdir)) == 0)
nm += strlen(cfg->chrootdir);
if(!autr_read_file(anchors, nm)) {
log_err("error reading auto-trust-anchor-file: %s",
f->str);
ldns_buffer_free(parsebuf);
return 0;
}
}
/* first assemble, since it may delete useless anchors */
anchors_assemble_rrsets(anchors);
init_parents(anchors);
ldns_buffer_free(parsebuf);
if(verbosity >= VERB_ALGO) autr_debug_print(anchors);
return 1;
}
/** enter implicit transparent zone for local-data: without local-zone: */
static int
lz_setup_implicit(struct local_zones* zones, struct config_file* cfg)
{
/* walk over all items that have no parent zone and find
* the name that covers them all (could be the root) and
* add that as a transparent zone */
struct config_strlist* p;
int have_name = 0;
int have_other_classes = 0;
uint16_t dclass = 0;
uint8_t* nm = 0;
size_t nmlen = 0;
int nmlabs = 0;
int match = 0; /* number of labels match count */
init_parents(zones); /* to enable local_zones_lookup() */
for(p = cfg->local_data; p; p = p->next) {
uint8_t* rr_name;
uint16_t rr_class;
size_t len;
int labs;
if(!get_rr_nameclass(p->str, &rr_name, &rr_class)) {
log_err("Bad local-data RR %s", p->str);
return 0;
}
labs = dname_count_size_labels(rr_name, &len);
lock_rw_rdlock(&zones->lock);
if(!local_zones_lookup(zones, rr_name, len, labs, rr_class)) {
if(!have_name) {
dclass = rr_class;
nm = rr_name;
nmlen = len;
nmlabs = labs;
match = labs;
have_name = 1;
} else {
int m;
if(rr_class != dclass) {
/* process other classes later */
free(rr_name);
have_other_classes = 1;
lock_rw_unlock(&zones->lock);
continue;
}
/* find smallest shared topdomain */
(void)dname_lab_cmp(nm, nmlabs,
rr_name, labs, &m);
free(rr_name);
if(m < match)
match = m;
}
} else free(rr_name);
lock_rw_unlock(&zones->lock);
}
if(have_name) {
uint8_t* n2;
struct local_zone* z;
/* allocate zone of smallest shared topdomain to contain em */
n2 = nm;
dname_remove_labels(&n2, &nmlen, nmlabs - match);
n2 = memdup(n2, nmlen);
free(nm);
if(!n2) {
log_err("out of memory");
return 0;
}
log_nametypeclass(VERB_ALGO, "implicit transparent local-zone",
n2, 0, dclass);
if(!(z=lz_enter_zone_dname(zones, n2, nmlen, match,
local_zone_transparent, dclass))) {
return 0;
}
lock_rw_unlock(&z->lock);
}
if(have_other_classes) {
/* restart to setup other class */
return lz_setup_implicit(zones, cfg);
}
return 1;
}
