/** test with several anchors */
static void
test_anchors(sldns_buffer* buff, struct val_anchors* a)
{
	struct trust_anchor* ta = NULL;
	const uint16_t c = LDNS_RR_CLASS_IN;

	/* add an anchor below "nl."; the lookups further down expect an
	 * "nl." anchor to be in the store already (presumably stored by an
	 * earlier test on the same store) */
	unit_assert(anchor_store_str(a, buff,
		"labs.nl. DS 42860 5 1 14D739EB566D2B1A5E216A0BA4D17FA9B038BE4A"));

	/* names with no anchor at or above them: root, com., example.com. */
	unit_assert(anchors_lookup(a, (uint8_t*)"\000", 1, c) == NULL);
	unit_assert(anchors_lookup(a, (uint8_t*)"\003com\000", 5, c) == NULL);
	unit_assert(anchors_lookup(a, (uint8_t*)"\007example\003com\000", 11, c)
		== NULL);

	/* exact hit on nl.; the anchor handed back is unlocked after
	 * inspection, as for every hit below */
	ta = anchors_lookup(a, (uint8_t*)"\002nl\000", 4, c);
	unit_assert(ta);
	unit_assert(query_dname_compare(ta->name, (uint8_t*)"\002nl\000") == 0);
	lock_basic_unlock(&ta->lock);

	/* exact hit on labs.nl.: the more specific anchor is returned */
	ta = anchors_lookup(a, (uint8_t*)"\004labs\002nl\000", 9, c);
	unit_assert(ta);
	unit_assert(query_dname_compare(ta->name,
		(uint8_t*)"\004labs\002nl\000") == 0);
	lock_basic_unlock(&ta->lock);

	/* fabs.nl. has no anchor of its own: the closest enclosing one, nl.,
	 * is returned instead */
	ta = anchors_lookup(a, (uint8_t*)"\004fabs\002nl\000", 9, c);
	unit_assert(ta);
	unit_assert(query_dname_compare(ta->name, (uint8_t*)"\002nl\000") == 0);
	lock_basic_unlock(&ta->lock);

	/* oo. is a sibling TLD with no anchor at all */
	unit_assert(anchors_lookup(a, (uint8_t*)"\002oo\000", 4, c) == NULL);
}
/**
 * Read the contents of a trusted-keys { ... ; } clause and insert the keys
 * into storage. Tokens are collected in buf until a ';' ends one entry;
 * the owner name is followed by " DNSKEY " so that the collected text can
 * be handed to anchor_store_str as one RR string.
 * @param anchors: where to store keys.
 * @param buf: buffer used to assemble one entry at a time.
 * @param line: line number in file, advanced by the keyword reader.
 * @param in: file to read from.
 * @return 0 on error (bad key, too long, allocation failure, or EOF
 *	before the closing '}'); 1 once the closing '}' is seen.
 */
static int
process_bind_contents(struct val_anchors* anchors, ldns_buffer* buf,
	int* line, FILE* in)
{
	/* Token numbering of one entry (contnum after the token is seen):
	 *   0     1   2 3 4      5 ...
	 *   name. 257 3 5 base64 base64
	 * quoted flag:   0 "111" 0 0 0 0 0 0 0
	 * comments flag: 1 "000" 1 1 1 "0 0 0 0" 1
	 */
	int contnum = 0;	/* content tokens seen in the current entry */
	int quoted = 0;		/* inside a "..." quoted owner name */
	int comments = 1;	/* strip comments while reading the next token */
	int rdlen;
	char* keystr = 0;

	ldns_buffer_clear(buf);
	while((rdlen = readkeyword_bindfile(in, buf, line, comments)) != 0) {
		if(rdlen == 1) {
			/* single byte tokens carry the syntax: look at it */
			uint8_t last = ldns_buffer_current(buf)[-1];
			if(isspace((int)last)) {
				/* whitespace at the start of an entry is dropped,
				 * whitespace between tokens is kept */
				if(ldns_buffer_position(buf) == 1)
					ldns_buffer_clear(buf);
				continue;
			}
			if(last == '"') {
				/* the quote itself never ends up in the key text */
				ldns_buffer_skip(buf, -1);
				if(contnum == 0) {
					/* opening quote of the owner name: no
					 * comment stripping inside it */
					quoted = 1;
					comments = 0;
				} else if(quoted) {
					/* closing quote: owner name complete, add
					 * the type; keep one byte for the zero
					 * terminator written at ';' */
					if(ldns_buffer_remaining(buf) < 8+1) {
						log_err("line %d, too long", *line);
						return 0;
					}
					ldns_buffer_write(buf, " DNSKEY ", 8);
					quoted = 0;
					comments = 1;
				} else {
					comments = !comments;
				}
				continue;
			}
			if(last == ';') {
				if(contnum < 5) {
					ldns_buffer_write_u8(buf, 0);
					log_err("line %d, bad key", *line);
					return 0;
				}
				/* drop the ';', terminate the text */
				ldns_buffer_skip(buf, -1);
				ldns_buffer_write_u8(buf, 0);
				/* copied out because buf itself is passed to
				 * anchor_store_str as scratch space (presumably
				 * clobbered by it) */
				keystr = strdup((char*)ldns_buffer_begin(buf));
				if(!keystr) {
					log_err("line %d, allocation failure",
						*line);
					return 0;
				}
				if(!anchor_store_str(anchors, buf, keystr)) {
					log_err("line %d, bad key", *line);
					free(keystr);
					return 0;
				}
				free(keystr);
				/* next entry starts from a clean slate */
				ldns_buffer_clear(buf);
				contnum = 0;
				quoted = 0;
				comments = 1;
				continue;
			}
			if(last == '}') {
				if(contnum > 0) {
					ldns_buffer_write_u8(buf, 0);
					log_err("line %d, bad key before }",
						*line);
					return 0;
				}
				return 1;
			}
		}
		/* anything else (or a longer token) is entry content */
		contnum++;
		if(contnum == 1 && !quoted) {
			/* unquoted owner name: add the type after it; keep one
			 * byte for the zero terminator written at ';' */
			if(ldns_buffer_remaining(buf) < 8+1) {
				log_err("line %d, too long", *line);
				return 0;
			}
			ldns_buffer_write(buf, " DNSKEY ", 8);
		}
	}
	log_err("line %d, EOF before }", *line);
	return 0;
}
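/**
 * Strip the configured chroot directory from the front of a file name, so
 * the file can be opened from inside the chroot.
 * @param cfg: config; chrootdir may be NULL or "".
 * @param nm: configured path, not modified.
 * @return nm advanced past the chroot prefix when nm starts with
 *	cfg->chrootdir, otherwise nm itself.
 */
static char*
strip_chroot_prefix(struct config_file* cfg, char* nm)
{
	size_t clen;
	if(!cfg->chrootdir || !cfg->chrootdir[0])
		return nm;
	clen = strlen(cfg->chrootdir);
	/* NOTE(review): this is a plain prefix compare, so a chrootdir of
	 * "/var/x" also strips the front of "/var/xy/keys"; kept as-is to
	 * preserve the existing behaviour. */
	if(strncmp(nm, cfg->chrootdir, clen) != 0)
		return nm;
	return nm + clen;
}

/**
 * Install an anchor as the DLV anchor, under the anchors lock.
 * @param anchors: anchor storage.
 * @param dlva: anchor to install.
 */
static void
set_dlv_anchor(struct val_anchors* anchors, struct trust_anchor* dlva)
{
	lock_basic_lock(&anchors->lock);
	anchors->dlv_anchor = dlva;
	lock_basic_unlock(&anchors->lock);
}

/**
 * Apply the trust anchor related parts of the configuration to the anchor
 * storage: domain-insecure, trust-anchor-file, trusted-keys-file,
 * trust-anchor, dlv-anchor-file, dlv-anchor and auto-trust-anchor-file.
 * Empty strings in the lists are skipped. File names are taken relative
 * to the chroot when they start with it.
 * @param anchors: anchor storage to fill.
 * @param cfg: the configuration to read.
 * @return 0 on error (logged; the parse buffer is released, anchors
 *	stored so far are kept), 1 on success.
 */
int
anchors_apply_cfg(struct val_anchors* anchors, struct config_file* cfg)
{
	struct config_strlist* f;
	char* nm;
	struct trust_anchor* dlva;
	int rc = 0;
	ldns_buffer* parsebuf = ldns_buffer_new(65535);
	/* the buffer is handed to every parser below; a NULL here would
	 * otherwise be dereferenced inside them */
	if(!parsebuf) {
		log_err("anchors_apply_cfg: out of memory");
		return 0;
	}
	/* domain-insecure names */
	for(f = cfg->domain_insecure; f; f = f->next) {
		if(!f->str || f->str[0] == 0) /* empty "" */
			continue;
		if(!anchor_insert_insecure(anchors, f->str)) {
			log_err("error in domain-insecure: %s", f->str);
			goto out;
		}
	}
	/* trust-anchor-file entries, read by anchor_read_file */
	for(f = cfg->trust_anchor_file_list; f; f = f->next) {
		if(!f->str || f->str[0] == 0) /* empty "" */
			continue;
		nm = strip_chroot_prefix(cfg, f->str);
		if(!anchor_read_file(anchors, parsebuf, nm, 0)) {
			log_err("error reading trust-anchor-file: %s", f->str);
			goto out;
		}
	}
	/* trusted-keys-file entries, read by anchor_read_bind_file_wild */
	for(f = cfg->trusted_keys_file_list; f; f = f->next) {
		if(!f->str || f->str[0] == 0) /* empty "" */
			continue;
		nm = strip_chroot_prefix(cfg, f->str);
		if(!anchor_read_bind_file_wild(anchors, parsebuf, nm)) {
			log_err("error reading trusted-keys-file: %s", f->str);
			goto out;
		}
	}
	/* trust-anchor entries given inline as RR strings */
	for(f = cfg->trust_anchor_list; f; f = f->next) {
		if(!f->str || f->str[0] == 0) /* empty "" */
			continue;
		if(!anchor_store_str(anchors, parsebuf, f->str)) {
			log_err("error in trust-anchor: \"%s\"", f->str);
			goto out;
		}
	}
	/* dlv-anchor-file: read with the dlv flag set and installed as the
	 * DLV anchor */
	if(cfg->dlv_anchor_file && cfg->dlv_anchor_file[0] != 0) {
		nm = strip_chroot_prefix(cfg, cfg->dlv_anchor_file);
		dlva = anchor_read_file(anchors, parsebuf, nm, 1);
		if(!dlva) {
			log_err("error reading dlv-anchor-file: %s",
				cfg->dlv_anchor_file);
			goto out;
		}
		set_dlv_anchor(anchors, dlva);
	}
	/* dlv-anchor entries given inline; each one replaces the previous
	 * DLV anchor, so the last one listed wins */
	for(f = cfg->dlv_anchor_list; f; f = f->next) {
		if(!f->str || f->str[0] == 0) /* empty "" */
			continue;
		dlva = anchor_store_str(anchors, parsebuf, f->str);
		if(!dlva) {
			log_err("error in dlv-anchor: \"%s\"", f->str);
			goto out;
		}
		set_dlv_anchor(anchors, dlva);
	}
	/* auto-trust-anchor-file last, so that it sees which anchors were
	 * filled by other means and can report a doubly configured name */
	for(f = cfg->auto_trust_anchor_file_list; f; f = f->next) {
		if(!f->str || f->str[0] == 0) /* empty "" */
			continue;
		nm = strip_chroot_prefix(cfg, f->str);
		if(!autr_read_file(anchors, nm)) {
			log_err("error reading auto-trust-anchor-file: %s",
				f->str);
			goto out;
		}
	}
	/* assemble first, since it may delete useless anchors */
	anchors_assemble_rrsets(anchors);
	init_parents(anchors);
	if(verbosity >= VERB_ALGO)
		autr_debug_print(anchors);
	rc = 1;
out:
	ldns_buffer_free(parsebuf);
	return rc;
}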