isc_result_t
named_tsigkeyring_fromconfig(const cfg_obj_t *config, const cfg_obj_t *vconfig,
- isc_mem_t *mctx, dns_tsig_keyring_t **ringp);
+ isc_mem_t *mctx, dns_tsigkeyring_t **ringp);
/*%<
* Create a TSIG key ring and configure it according to the 'key'
* statements in the global and view configuration objects.
uint32_t lame_ttl, fail_ttl;
uint32_t max_stale_ttl = 0;
uint32_t stale_refresh_time = 0;
- dns_tsig_keyring_t *ring = NULL;
+ dns_tsigkeyring_t *ring = NULL;
dns_transport_list_t *transports = NULL;
dns_view_t *pview = NULL; /* Production view */
dns_dispatch_t *dispatch4 = NULL;
#include <named/tsigconf.h>
static isc_result_t
-add_initial_keys(const cfg_obj_t *list, dns_tsig_keyring_t *ring,
+add_initial_keys(const cfg_obj_t *list, dns_tsigkeyring_t *ring,
isc_mem_t *mctx) {
dns_tsigkey_t *tsigkey = NULL;
const cfg_listelt_t *element;
isc_result_t
named_tsigkeyring_fromconfig(const cfg_obj_t *config, const cfg_obj_t *vconfig,
- isc_mem_t *mctx, dns_tsig_keyring_t **ringp) {
+ isc_mem_t *mctx, dns_tsigkeyring_t **ringp) {
const cfg_obj_t *maps[3];
const cfg_obj_t *keylist;
- dns_tsig_keyring_t *ring = NULL;
+ dns_tsigkeyring_t *ring = NULL;
isc_result_t result;
int i;
static dns_name_t *zname = NULL;
static dns_name_t tmpzonename = DNS_NAME_INITEMPTY;
static dns_name_t restart_primary = DNS_NAME_INITEMPTY;
-static dns_tsig_keyring_t *gssring = NULL;
+static dns_tsigkeyring_t *gssring = NULL;
static dns_tsigkey_t *tsigkey = NULL;
static dst_key_t *sig0key = NULL;
static isc_sockaddr_t *servers = NULL;
static isc_loopmgr_t *loopmgr = NULL;
static dns_view_t *view = NULL;
static dns_tsigkey_t *tsigkey = NULL;
-static dns_tsig_keyring_t *ring = NULL;
-static dns_tsig_keyring_t *emptyring = NULL;
+static dns_tsigkeyring_t *ring = NULL;
+static dns_tsigkeyring_t *emptyring = NULL;
static char *wd = NULL;
static char template[] = "/tmp/dns-message-checksig-XXXXXX";
isc_result_t
dns_tkey_processquery(dns_message_t *msg, dns_tkeyctx_t *tctx,
- dns_tsig_keyring_t *ring);
+ dns_tsigkeyring_t *ring);
/*%<
* Processes a query containing a TKEY record, adding or deleting TSIG
* keys if necessary, and modifies the message to contain the response.
isc_result_t
dns_tkey_gssnegotiate(dns_message_t *qmsg, dns_message_t *rmsg,
const dns_name_t *server, dns_gss_ctx_id_t *context,
- dns_tsigkey_t **outkey, dns_tsig_keyring_t *ring,
+ dns_tsigkey_t **outkey, dns_tsigkeyring_t *ring,
char **err_message);
/*%<
* Client side negotiation of GSS-TSIG. Process the response
#include <dst/dst.h>
+/* Define to 1 for detailed reference tracing */
+#undef DNS_TSIG_TRACE
+
/*
* Algorithms.
*/
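Review bot: The comment on the new `DNS_TSIG_TRACE` line says "Define to 1", but the `#undef` directly below it discards any `-DDNS_TSIG_TRACE=1` passed on the command line, so the only way to honour the comment is to edit this header. Either make the comment say that, e.g. `/* Change to '#define DNS_TSIG_TRACE 1' for detailed reference tracing */`, or drop the `#undef` so the build flag works (a plain `#if DNS_TSIG_TRACE` already treats an undefined macro as 0). If the rest of the tree uses the same `#undef` idiom, matching its wording is the better fix.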
*/
#define DNS_TSIG_FUDGE 300
-struct dns_tsig_keyring {
+struct dns_tsigkeyring {
dns_rbt_t *keys;
unsigned int writecount;
isc_rwlock_t lock;
struct dns_tsigkey {
/* Unlocked */
- unsigned int magic; /*%< Magic number. */
- isc_mem_t *mctx;
- dst_key_t *key; /*%< Key */
- dns_name_t name; /*%< Key name */
- const dns_name_t *algorithm; /*%< Algorithm name */
- dns_name_t *creator; /*%< name that created secret */
- bool generated : 1; /*%< key was auto-generated */
- bool restored : 1; /*%< key was restored at startup */
- isc_stdtime_t inception; /*%< start of validity period */
- isc_stdtime_t expire; /*%< end of validity period */
- dns_tsig_keyring_t *ring; /*%< the enclosing keyring */
- isc_refcount_t refs; /*%< reference counter */
+ unsigned int magic; /*%< Magic number. */
+ isc_mem_t *mctx;
+ dst_key_t *key; /*%< Key */
+ dns_name_t name; /*%< Key name */
+ const dns_name_t *algorithm; /*%< Algorithm name */
+ dns_name_t *creator; /*%< name that created secret */
+ bool generated : 1; /*%< key was auto-generated */
+ bool restored : 1; /*%< key was restored at startup */
+ isc_stdtime_t inception; /*%< start of validity period */
+ isc_stdtime_t expire; /*%< end of validity period */
+ dns_tsigkeyring_t *ring; /*%< the enclosing keyring */
+ isc_refcount_t references; /*%< reference counter */
ISC_LINK(dns_tsigkey_t) link;
};
dst_key_t *dstkey, bool generated, bool restored,
const dns_name_t *creator, isc_stdtime_t inception,
isc_stdtime_t expire, isc_mem_t *mctx,
- dns_tsig_keyring_t *ring, dns_tsigkey_t **key);
+ dns_tsigkeyring_t *ring, dns_tsigkey_t **key);
/*%<
* Creates a tsig key structure and saves it in the keyring. If key is
* not NULL, *key will contain a copy of the key. The keys validity
*/
void
-dns_tsigkey_attach(dns_tsigkey_t *source, dns_tsigkey_t **targetp);
-/*%<
- * Attach '*targetp' to 'source'.
- *
- * Requires:
- *\li 'key' is a valid TSIG key
- *
- * Ensures:
- *\li *targetp is attached to source.
- */
-
-void
-dns_tsigkey_detach(dns_tsigkey_t **keyp);
-/*%<
- * Detaches from the tsig key structure pointed to by '*key'.
- *
- * Requires:
- *\li 'keyp' is not NULL and '*keyp' is a valid TSIG key
- *
- * Ensures:
- *\li 'keyp' points to NULL
- */
-
-void
-dns_tsigkey_setdeleted(dns_tsigkey_t *key);
+dns_tsigkey_delete(dns_tsigkey_t *key);
/*%<
* Prevents this key from being used again. It will be deleted when
* no references exist.
isc_result_t
dns_tsig_verify(isc_buffer_t *source, dns_message_t *msg,
- dns_tsig_keyring_t *ring1, dns_tsig_keyring_t *ring2);
+ dns_tsigkeyring_t *ring1, dns_tsigkeyring_t *ring2);
/*%<
* Verifies the TSIG record in this message
*
isc_result_t
dns_tsigkey_find(dns_tsigkey_t **tsigkey, const dns_name_t *name,
- const dns_name_t *algorithm, dns_tsig_keyring_t *ring);
+ const dns_name_t *algorithm, dns_tsigkeyring_t *ring);
/*%<
* Returns the TSIG key corresponding to this name and (possibly)
* algorithm. Also increments the key's reference counter.
*/
isc_result_t
-dns_tsigkeyring_create(isc_mem_t *mctx, dns_tsig_keyring_t **ringp);
+dns_tsigkeyring_create(isc_mem_t *mctx, dns_tsigkeyring_t **ringp);
/*%<
* Create an empty TSIG key ring.
*
*/
isc_result_t
-dns_tsigkeyring_add(dns_tsig_keyring_t *ring, const dns_name_t *name,
+dns_tsigkeyring_add(dns_tsigkeyring_t *ring, const dns_name_t *name,
dns_tsigkey_t *tkey);
/*%<
* Place a TSIG key onto a key ring.
*\li Any other value indicates failure.
*/
-void
-dns_tsigkeyring_attach(dns_tsig_keyring_t *source, dns_tsig_keyring_t **target);
-
-void
-dns_tsigkeyring_detach(dns_tsig_keyring_t **ringp);
-
isc_result_t
-dns_tsigkeyring_dumpanddetach(dns_tsig_keyring_t **ringp, FILE *fp);
+dns_tsigkeyring_dumpanddetach(dns_tsigkeyring_t **ringp, FILE *fp);
/*%<
* Destroy a TSIG key ring.
*/
void
-dns_tsigkeyring_restore(dns_tsig_keyring_t *ring, FILE *fp);
+dns_tsigkeyring_restore(dns_tsigkeyring_t *ring, FILE *fp);
+/*%<
+ * Restore a TSIG keyring from a dump file 'fp'.
+ */
+
+#if DNS_TSIG_TRACE
+#define dns_tsigkey_ref(ptr) dns_tsigkey__ref(ptr, __func__, __FILE__, __LINE__)
+#define dns_tsigkey_unref(ptr) \
+ dns_tsigkey__unref(ptr, __func__, __FILE__, __LINE__)
+#define dns_tsigkey_attach(ptr, ptrp) \
+ dns_tsigkey__attach(ptr, ptrp, __func__, __FILE__, __LINE__)
+#define dns_tsigkey_detach(ptrp) \
+ dns_tsigkey__detach(ptrp, __func__, __FILE__, __LINE__)
+ISC_REFCOUNT_TRACE_DECL(dns_tsigkey);
+
+#define dns_tsigkeyring_ref(ptr) \
+ dns_tsigkeyring__ref(ptr, __func__, __FILE__, __LINE__)
+#define dns_tsigkeyring_unref(ptr) \
+ dns_tsigkeyring__unref(ptr, __func__, __FILE__, __LINE__)
+#define dns_tsigkeyring_attach(ptr, ptrp) \
+ dns_tsigkeyring__attach(ptr, ptrp, __func__, __FILE__, __LINE__)
+#define dns_tsigkeyring_detach(ptrp) \
+ dns_tsigkeyring__detach(ptrp, __func__, __FILE__, __LINE__)
+ISC_REFCOUNT_TRACE_DECL(dns_tsigkeyring);
+#else
+ISC_REFCOUNT_DECL(dns_tsigkey);
+ISC_REFCOUNT_DECL(dns_tsigkeyring);
+#endif
ISC_LANG_ENDDECLS
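Review bot: The attach/detach API loses its documentation in this hunk: the Requires/Ensures blocks for dns_tsigkey_attach and dns_tsigkey_detach are removed from the header, and the `ISC_REFCOUNT_DECL`/`ISC_REFCOUNT_TRACE_DECL` lines that replace them (also introducing dns_tsigkey_ref/unref and the dns_tsigkeyring_ref/unref/attach/detach set) carry no comment at all. A reader of the header can no longer tell what these names expand to or what they require. Add one `/*%< ... */` block before the `#if DNS_TSIG_TRACE` naming the eight generated functions, stating that attach/detach follow the usual "target must be NULL / pointer is cleared" contract, and that the last detach runs the destructor; the trace variants can be described in one sentence as recording `__func__`/`__FILE__`/`__LINE__`. The restore comment added at the top of the hunk is good and the same style fits here.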
typedef struct dns_transport dns_transport_t;
typedef struct dns_transport_list dns_transport_list_t;
typedef uint16_t dns_trust_t;
-typedef struct dns_tsig_keyring dns_tsig_keyring_t;
+typedef struct dns_tsigkeyring dns_tsigkeyring_t;
typedef struct dns_tsigkey dns_tsigkey_t;
typedef uint32_t dns_ttl_t;
typedef struct dns_update_state dns_update_state_t;
/* Configurable data. */
dns_transport_list_t *transports;
- dns_tsig_keyring_t *statickeys;
- dns_tsig_keyring_t *dynamickeys;
+ dns_tsigkeyring_t *statickeys;
+ dns_tsigkeyring_t *dynamickeys;
dns_peerlist_t *peers;
dns_order_t *order;
dns_fwdtable_t *fwdtable;
dns_view_settransports(dns_view_t *view, dns_transport_list_t *list);
void
-dns_view_setkeyring(dns_view_t *view, dns_tsig_keyring_t *ring);
+dns_view_setkeyring(dns_view_t *view, dns_tsigkeyring_t *ring);
void
-dns_view_setdynamickeyring(dns_view_t *view, dns_tsig_keyring_t *ring);
+dns_view_setdynamickeyring(dns_view_t *view, dns_tsigkeyring_t *ring);
/*%<
* Set the view's static TSIG keys
*
*/
void
-dns_view_getdynamickeyring(dns_view_t *view, dns_tsig_keyring_t **ringp);
+dns_view_getdynamickeyring(dns_view_t *view, dns_tsigkeyring_t **ringp);
/*%<
* Return the views dynamic keys.
*
static isc_result_t
process_gsstkey(dns_message_t *msg, dns_name_t *name, dns_rdata_tkey_t *tkeyin,
dns_tkeyctx_t *tctx, dns_rdata_tkey_t *tkeyout,
- dns_tsig_keyring_t *ring) {
+ dns_tsigkeyring_t *ring) {
isc_result_t result = ISC_R_SUCCESS;
dst_key_t *dstkey = NULL;
dns_tsigkey_t *tsigkey = NULL;
static isc_result_t
process_deletetkey(dns_name_t *signer, dns_name_t *name,
dns_rdata_tkey_t *tkeyin, dns_rdata_tkey_t *tkeyout,
- dns_tsig_keyring_t *ring) {
+ dns_tsigkeyring_t *ring) {
isc_result_t result;
dns_tsigkey_t *tsigkey = NULL;
const dns_name_t *identity;
* was not generated with TKEY and is in the config file, it may be
* reloaded later.
*/
- dns_tsigkey_setdeleted(tsigkey);
+ dns_tsigkey_delete(tsigkey);
/* Release the reference */
dns_tsigkey_detach(&tsigkey);
isc_result_t
dns_tkey_processquery(dns_message_t *msg, dns_tkeyctx_t *tctx,
- dns_tsig_keyring_t *ring) {
+ dns_tsigkeyring_t *ring) {
isc_result_t result = ISC_R_SUCCESS;
dns_rdata_tkey_t tkeyin, tkeyout;
bool freetkeyin = false;
isc_result_t
dns_tkey_gssnegotiate(dns_message_t *qmsg, dns_message_t *rmsg,
const dns_name_t *server, dns_gss_ctx_id_t *context,
- dns_tsigkey_t **outkey, dns_tsig_keyring_t *ring,
+ dns_tsigkey_t **outkey, dns_tsigkeyring_t *ring,
char **err_message) {
dns_rdata_t rtkeyrdata = DNS_RDATA_INIT, qtkeyrdata = DNS_RDATA_INIT;
dns_name_t *tkeyname;
ISC_FORMAT_PRINTF(3, 4);
static void
-cleanup_ring(dns_tsig_keyring_t *ring);
-static void
-tsigkey_free(dns_tsigkey_t *key);
+cleanup_ring(dns_tsigkeyring_t *ring);
bool
dns__tsig_algvalid(unsigned int alg) {
* counter: it's protected by a separate lock.
*/
static isc_result_t
-keyring_add(dns_tsig_keyring_t *ring, const dns_name_t *name,
+keyring_add(dns_tsigkeyring_t *ring, const dns_name_t *name,
dns_tsigkey_t *tkey) {
isc_result_t result;
dst_key_t *dstkey, bool generated, bool restored,
const dns_name_t *creator, isc_stdtime_t inception,
isc_stdtime_t expire, isc_mem_t *mctx,
- dns_tsig_keyring_t *ring, dns_tsigkey_t **key) {
+ dns_tsigkeyring_t *ring, dns_tsigkey_t **key) {
dns_tsigkey_t *tkey = NULL;
isc_result_t ret;
unsigned int refs = 0;
refs++;
}
- isc_refcount_init(&tkey->refs, refs);
+ isc_refcount_init(&tkey->references, refs);
isc_mem_attach(mctx, &tkey->mctx);
tkey->magic = TSIG_MAGIC;
cleanup_refs:
tkey->magic = 0;
while (refs-- > 0) {
- isc_refcount_decrement0(&tkey->refs);
+ isc_refcount_decrement0(&tkey->references);
}
- isc_refcount_destroy(&tkey->refs);
+ isc_refcount_destroy(&tkey->references);
if (tkey->key != NULL) {
dst_key_free(&tkey->key);
* Find a few nodes to destroy if possible.
*/
static void
-cleanup_ring(dns_tsig_keyring_t *ring) {
+cleanup_ring(dns_tsigkeyring_t *ring) {
isc_result_t result;
dns_rbtnodechain_t chain;
dns_name_t foundname;
tkey = node->data;
if (tkey != NULL) {
if (tkey->generated &&
- isc_refcount_current(&tkey->refs) == 1 &&
+ isc_refcount_current(&tkey->references) == 1 &&
tkey->inception != tkey->expire &&
tkey->expire < now)
{
}
static void
-destroyring(dns_tsig_keyring_t *ring) {
+destroyring(dns_tsigkeyring_t *ring) {
isc_refcount_destroy(&ring->references);
dns_rbt_destroy(&ring->keys);
isc_rwlock_destroy(&ring->lock);
- isc_mem_putanddetach(&ring->mctx, ring, sizeof(dns_tsig_keyring_t));
+ isc_mem_putanddetach(&ring->mctx, ring, sizeof(dns_tsigkeyring_t));
}
+#if DNS_TSIG_TRACE
+ISC_REFCOUNT_TRACE_IMPL(dns_tsigkeyring, destroyring);
+#else
+ISC_REFCOUNT_IMPL(dns_tsigkeyring, destroyring);
+#endif
+
/*
* Look up the DST_ALG_ constant for a given name.
*/
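Review bot: destroyring still calls `isc_refcount_destroy(&ring->references)` on its first line, while the new destroy_tsigkey (later in this change, after the removed dns_tsigkey_detach) does not; the two destructors now handed to `ISC_REFCOUNT_IMPL` are inconsistent about who finalises the counter. As far as I can tell the macro-generated unref already destroys the counter before invoking the destructor, in which case the call in destroyring is redundant (harmless, it only re-checks the count is zero) and should be dropped for clarity; if the macro does not, then destroy_tsigkey is the one that needs the call. Please pick one convention for both and, if the explicit call stays, add `/* generated unref has not destroyed the counter */` so the next reader does not assume a double-destroy.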
}
static isc_result_t
-restore_key(dns_tsig_keyring_t *ring, isc_stdtime_t now, FILE *fp) {
+restore_key(dns_tsigkeyring_t *ring, isc_stdtime_t now, FILE *fp) {
dst_key_t *dstkey = NULL;
char namestr[1024];
char creatorstr[1024];
}
isc_result_t
-dns_tsigkeyring_dumpanddetach(dns_tsig_keyring_t **ringp, FILE *fp) {
+dns_tsigkeyring_dumpanddetach(dns_tsigkeyring_t **ringp, FILE *fp) {
isc_result_t result;
dns_rbtnodechain_t chain;
dns_name_t foundname;
dns_fixedname_t fixedorigin;
dns_name_t *origin = NULL;
isc_stdtime_t now = isc_stdtime_now();
- dns_tsig_keyring_t *ring = NULL;
+ dns_tsigkeyring_t *ring = NULL;
REQUIRE(ringp != NULL && *ringp != NULL);
return (result);
}
-void
-dns_tsigkey_attach(dns_tsigkey_t *source, dns_tsigkey_t **targetp) {
- REQUIRE(VALID_TSIG_KEY(source));
- REQUIRE(targetp != NULL && *targetp == NULL);
-
- isc_refcount_increment(&source->refs);
- *targetp = source;
-}
-
static void
-tsigkey_free(dns_tsigkey_t *key) {
+destroy_tsigkey(dns_tsigkey_t *key) {
REQUIRE(VALID_TSIG_KEY(key));
key->magic = 0;
isc_mem_putanddetach(&key->mctx, key, sizeof(dns_tsigkey_t));
}
-void
-dns_tsigkey_detach(dns_tsigkey_t **keyp) {
- REQUIRE(keyp != NULL && VALID_TSIG_KEY(*keyp));
- dns_tsigkey_t *key = *keyp;
- *keyp = NULL;
-
- if (isc_refcount_decrement(&key->refs) == 1) {
- isc_refcount_destroy(&key->refs);
- tsigkey_free(key);
- }
-}
+#if DNS_TSIG_TRACE
+ISC_REFCOUNT_TRACE_IMPL(dns_tsigkey, destroy_tsigkey);
+#else
+ISC_REFCOUNT_IMPL(dns_tsigkey, destroy_tsigkey);
+#endif
void
-dns_tsigkey_setdeleted(dns_tsigkey_t *key) {
+dns_tsigkey_delete(dns_tsigkey_t *key) {
REQUIRE(VALID_TSIG_KEY(key));
REQUIRE(key->ring != NULL);
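Review bot: The removed dns_tsigkey_attach and dns_tsigkey_detach asserted `VALID_TSIG_KEY()` on the key being attached or released (the old `REQUIRE(VALID_TSIG_KEY(source))` and `REQUIRE(keyp != NULL && VALID_TSIG_KEY(*keyp))`), and the `ISC_REFCOUNT_IMPL`-generated replacements, as far as I can tell, only require the pointers to be non-NULL. A stale or already-freed key reaching attach/detach was previously caught by the magic check; now only the final destroy path (`REQUIRE(VALID_TSIG_KEY(key))` in destroy_tsigkey) checks it, so a refcount bug on a dangling key fails later and further from its cause. If that is an accepted trade-off of moving to the generic macros, say so in a short comment above the `#if DNS_TSIG_TRACE` block, e.g. `/* NOTE: generated attach/detach do not check TSIG_MAGIC; only destroy_tsigkey does */`, so the weaker precondition is visible to maintainers.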
isc_result_t
dns_tsig_verify(isc_buffer_t *source, dns_message_t *msg,
- dns_tsig_keyring_t *ring1, dns_tsig_keyring_t *ring2) {
+ dns_tsigkeyring_t *ring1, dns_tsigkeyring_t *ring2) {
dns_rdata_any_tsig_t tsig, querytsig;
isc_region_t r, source_r, header_r, sig_r;
isc_buffer_t databuf;
isc_result_t
dns_tsigkey_find(dns_tsigkey_t **tsigkey, const dns_name_t *name,
- const dns_name_t *algorithm, dns_tsig_keyring_t *ring) {
+ const dns_name_t *algorithm, dns_tsigkeyring_t *ring) {
dns_tsigkey_t *key = NULL;
isc_stdtime_t now = isc_stdtime_now();
isc_result_t result;
RWUNLOCK(&ring->lock, isc_rwlocktype_write);
return (ISC_R_NOTFOUND);
}
- isc_refcount_increment(&key->refs);
+ isc_refcount_increment(&key->references);
RWUNLOCK(&ring->lock, isc_rwlocktype_read);
adjust_lru(key);
*tsigkey = key;
}
isc_result_t
-dns_tsigkeyring_create(isc_mem_t *mctx, dns_tsig_keyring_t **ringp) {
+dns_tsigkeyring_create(isc_mem_t *mctx, dns_tsigkeyring_t **ringp) {
isc_result_t result;
- dns_tsig_keyring_t *ring = NULL;
+ dns_tsigkeyring_t *ring = NULL;
REQUIRE(mctx != NULL);
REQUIRE(ringp != NULL);
REQUIRE(*ringp == NULL);
- ring = isc_mem_get(mctx, sizeof(dns_tsig_keyring_t));
- *ring = (dns_tsig_keyring_t){
+ ring = isc_mem_get(mctx, sizeof(dns_tsigkeyring_t));
+ *ring = (dns_tsigkeyring_t){
.maxgenerated = DNS_TSIG_MAXGENERATEDKEYS,
.lru = ISC_LIST_INITIALIZER,
};
result = dns_rbt_create(mctx, free_tsignode, NULL, &ring->keys);
if (result != ISC_R_SUCCESS) {
isc_rwlock_destroy(&ring->lock);
- isc_mem_put(mctx, ring, sizeof(dns_tsig_keyring_t));
+ isc_mem_put(mctx, ring, sizeof(dns_tsigkeyring_t));
return (result);
}
}
isc_result_t
-dns_tsigkeyring_add(dns_tsig_keyring_t *ring, const dns_name_t *name,
+dns_tsigkeyring_add(dns_tsigkeyring_t *ring, const dns_name_t *name,
dns_tsigkey_t *tkey) {
isc_result_t result;
result = keyring_add(ring, name, tkey);
if (result == ISC_R_SUCCESS) {
- isc_refcount_increment(&tkey->refs);
+ isc_refcount_increment(&tkey->references);
}
return (result);
}
void
-dns_tsigkeyring_attach(dns_tsig_keyring_t *source,
- dns_tsig_keyring_t **target) {
- REQUIRE(source != NULL);
- REQUIRE(target != NULL && *target == NULL);
-
- isc_refcount_increment(&source->references);
-
- *target = source;
-}
-
-void
-dns_tsigkeyring_detach(dns_tsig_keyring_t **ringp) {
- dns_tsig_keyring_t *ring = NULL;
-
- REQUIRE(ringp != NULL);
- REQUIRE(*ringp != NULL);
-
- ring = *ringp;
- *ringp = NULL;
-
- if (isc_refcount_decrement(&ring->references) == 1) {
- destroyring(ring);
- }
-}
-
-void
-dns_tsigkeyring_restore(dns_tsig_keyring_t *ring, FILE *fp) {
+dns_tsigkeyring_restore(dns_tsigkeyring_t *ring, FILE *fp) {
isc_stdtime_t now = isc_stdtime_now();
isc_result_t result;
}
void
-dns_view_setkeyring(dns_view_t *view, dns_tsig_keyring_t *ring) {
+dns_view_setkeyring(dns_view_t *view, dns_tsigkeyring_t *ring) {
REQUIRE(DNS_VIEW_VALID(view));
REQUIRE(ring != NULL);
if (view->statickeys != NULL) {
}
void
-dns_view_setdynamickeyring(dns_view_t *view, dns_tsig_keyring_t *ring) {
+dns_view_setdynamickeyring(dns_view_t *view, dns_tsigkeyring_t *ring) {
REQUIRE(DNS_VIEW_VALID(view));
REQUIRE(ring != NULL);
if (view->dynamickeys != NULL) {
}
void
-dns_view_getdynamickeyring(dns_view_t *view, dns_tsig_keyring_t **ringp) {
+dns_view_getdynamickeyring(dns_view_t *view, dns_tsigkeyring_t **ringp) {
REQUIRE(DNS_VIEW_VALID(view));
REQUIRE(ringp != NULL && *ringp == NULL);
if (view->dynamickeys != NULL) {
dns_fixedname_t fkeyname;
dns_message_t *msg = NULL;
dns_name_t *keyname;
- dns_tsig_keyring_t *ring = NULL;
+ dns_tsigkeyring_t *ring = NULL;
dns_tsigkey_t *key = NULL;
isc_buffer_t *buf = NULL;
isc_buffer_t *querytsig = NULL;