/*%
* We have been asked to look for a key.
- * If found resume the validation process.
- * If not found fail the validation process.
+ * If found, resume the validation process.
+ * If not found, fail the validation process.
*/
static void
-fetch_callback_validator(isc_task_t *task, isc_event_t *event) {
+fetch_callback_dnskey(isc_task_t *task, isc_event_t *event) {
dns_fetchevent_t *devent;
dns_validator_t *val;
dns_rdataset_t *rdataset;
INSIST(val->event != NULL);
- validator_log(val, ISC_LOG_DEBUG(3), "in fetch_callback_validator");
+ validator_log(val, ISC_LOG_DEBUG(3), "in fetch_callback_dnskey");
LOCK(&val->lock);
fetch = val->fetch;
val->fetch = NULL;
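Review bot: The function name is hand-copied into the debug string in `validator_log(val, ISC_LOG_DEBUG(3), "in fetch_callback_dnskey");`, which is why this rename had to touch every log call and why the strings can drift again at the next rename. Using `validator_log(val, ISC_LOG_DEBUG(3), "in %s", __func__);` here would keep them in step. The same applies to the other "in ..." and "...: got %s" messages and to the name literals passed to `markanswer()` in the later hunks. Separately, the emitted text changes, so any log parsing or alerting that matches the old names (for example "in dsfetched" or "keyvalidated: got") stops matching and should be updated with this commit. The body of fetch_callback_dnskey starts and ends outside this hunk.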
}
} else {
validator_log(val, ISC_LOG_DEBUG(3),
- "fetch_callback_validator: got %s",
+ "fetch_callback_dnskey: got %s",
isc_result_totext(eresult));
if (eresult == ISC_R_CANCELED) {
validator_done(val, eresult);
}
}
+/*%
+ * We have been asked to look for a DS. This may be part of
+ * walking a trust chain, or an insecurity proof.
+ */
static void
-dsfetched(isc_task_t *task, isc_event_t *event) {
+fetch_callback_ds(isc_task_t *task, isc_event_t *event) {
dns_fetchevent_t *devent;
dns_validator_t *val;
dns_rdataset_t *rdataset;
eresult = devent->result;
/*
- * Set to true if we're walking a chain of trust; false if
- * we're attempting to prove insecurity.
+ * Set 'trustchain' to true if we're walking a chain of
+ * trust; false if we're attempting to prove insecurity.
*/
trustchain = ((val->attributes & VALATTR_INSECURITY) == 0);
INSIST(val->event != NULL);
- validator_log(val, ISC_LOG_DEBUG(3), "in dsfetched");
+ validator_log(val, ISC_LOG_DEBUG(3), "in fetch_callback_ds");
LOCK(&val->lock);
fetch = val->fetch;
val->fetch = NULL;
* insecurity. If this is a zone cut, that
* means we're insecure.
*/
- result = markanswer(val, "dsfetched",
+ result = markanswer(val, "fetch_callback_ds",
"no DS and this is a delegation");
validator_done(val, result);
} else {
default:
unexpected:
- validator_log(val, ISC_LOG_DEBUG(3), "dsfetched: got %s",
+ validator_log(val, ISC_LOG_DEBUG(3),
+ "fetch_callback_ds: got %s",
isc_result_totext(eresult));
if (eresult == ISC_R_CANCELED) {
validator_done(val, eresult);
* Resumes the stalled validation process.
*/
static void
-keyvalidated(isc_task_t *task, isc_event_t *event) {
+validator_callback_dnskey(isc_task_t *task, isc_event_t *event) {
dns_validatorevent_t *devent;
dns_validator_t *val;
bool want_destroy;
INSIST(val->event != NULL);
- validator_log(val, ISC_LOG_DEBUG(3), "in keyvalidated");
+ validator_log(val, ISC_LOG_DEBUG(3), "in validator_callback_dnskey");
LOCK(&val->lock);
if (CANCELED(val)) {
validator_done(val, ISC_R_CANCELED);
expire_rdatasets(val);
}
validator_log(val, ISC_LOG_DEBUG(3),
- "keyvalidated: got %s",
+ "validator_callback_dnskey: got %s",
isc_result_totext(eresult));
validator_done(val, DNS_R_BROKENCHAIN);
}
* Resumes validation of the zone key or the unsecure zone proof.
*/
static void
-dsvalidated(isc_task_t *task, isc_event_t *event) {
+validator_callback_ds(isc_task_t *task, isc_event_t *event) {
dns_validatorevent_t *devent;
dns_validator_t *val;
bool want_destroy;
INSIST(val->event != NULL);
- validator_log(val, ISC_LOG_DEBUG(3), "in dsvalidated");
+ validator_log(val, ISC_LOG_DEBUG(3), "in validator_callback_ds");
LOCK(&val->lock);
if (CANCELED(val)) {
validator_done(val, ISC_R_CANCELED);
NEGATIVE(&val->frdataset) &&
isdelegation(name, &val->frdataset, DNS_R_NCACHENXRRSET))
{
- result = markanswer(val, "dsvalidated",
+ result = markanswer(val, "validator_callback_ds",
"no DS and this is a delegation");
} else if ((val->attributes & VALATTR_INSECURITY) != 0) {
result = proveunsecure(val, have_dsset, true);
expire_rdatasets(val);
}
validator_log(val, ISC_LOG_DEBUG(3),
- "dsvalidated: got %s",
+ "validator_callback_ds: got %s",
isc_result_totext(eresult));
validator_done(val, DNS_R_BROKENCHAIN);
}
* Resumes validation of the unsecure zone proof.
*/
static void
-cnamevalidated(isc_task_t *task, isc_event_t *event) {
+validator_callback_cname(isc_task_t *task, isc_event_t *event) {
dns_validatorevent_t *devent;
dns_validator_t *val;
bool want_destroy;
INSIST(val->event != NULL);
INSIST((val->attributes & VALATTR_INSECURITY) != 0);
- validator_log(val, ISC_LOG_DEBUG(3), "in cnamevalidated");
+ validator_log(val, ISC_LOG_DEBUG(3), "in validator_callback_cname");
LOCK(&val->lock);
if (CANCELED(val)) {
validator_done(val, ISC_R_CANCELED);
expire_rdatasets(val);
}
validator_log(val, ISC_LOG_DEBUG(3),
- "cnamevalidated: got %s",
+ "validator_callback_cname: got %s",
isc_result_totext(eresult));
validator_done(val, DNS_R_BROKENCHAIN);
}
* Resumes validate_nx.
*/
static void
-authvalidated(isc_task_t *task, isc_event_t *event) {
+validator_callback_nsec(isc_task_t *task, isc_event_t *event) {
dns_validatorevent_t *devent;
dns_validator_t *val;
dns_rdataset_t *rdataset;
INSIST(val->event != NULL);
- validator_log(val, ISC_LOG_DEBUG(3), "in authvalidated");
+ validator_log(val, ISC_LOG_DEBUG(3), "in validator_callback_nsec");
LOCK(&val->lock);
if (CANCELED(val)) {
validator_done(val, ISC_R_CANCELED);
} else if (result != ISC_R_SUCCESS) {
validator_log(val, ISC_LOG_DEBUG(3),
- "authvalidated: got %s",
+ "validator_callback_nsec: got %s",
isc_result_totext(result));
if (result == DNS_R_BROKENCHAIN) {
val->authfail++;
* This is the key we're looking for.
*/
return (ISC_R_SUCCESS);
- } else if (dst_key_compare(oldkey,
- val->key) == true) {
+ } else if (dst_key_compare(oldkey, val->key)) {
foundold = true;
dst_key_free(&oldkey);
}
dns_rdatatype_dnskey,
&val->frdataset,
&val->fsigrdataset,
- keyvalidated,
+ validator_callback_dnskey,
"get_key");
if (result != ISC_R_SUCCESS) {
return (result);
*/
result = create_fetch(val, &siginfo->signer,
dns_rdatatype_dnskey,
- fetch_callback_validator, "get_key");
+ fetch_callback_dnskey, "get_key");
if (result != ISC_R_SUCCESS) {
return (result);
}
break;
}
} else {
- if (get_dst_key(val, val->siginfo, val->keyset)
- != ISC_R_SUCCESS)
- {
+ isc_result_t tresult;
+
+ tresult = get_dst_key(val, val->siginfo,
+ val->keyset);
+ if (tresult != ISC_R_SUCCESS) {
break;
}
}
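Review bot: The new `tresult` is only compared against ISC_R_SUCCESS and then dropped at the `break`, so in the lines visible here the reason get_dst_key() failed reaches neither the log nor the caller. If discarding it is intentional, a one-line comment such as `/* no usable key; result is set outside this branch */` would say so. Otherwise, a debug message before the `break`, e.g. `validator_log(val, ISC_LOG_DEBUG(3), "get_dst_key: %s", isc_result_totext(tresult));`, would make failed DNSSEC validations easier to triage. The enclosing loop starts and ends outside the hunk, so confirm what value `result` carries when this branch breaks out.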
dns_rdatatype_ds,
&val->frdataset,
&val->fsigrdataset,
- dsvalidated,
+ validator_callback_ds,
"validatezonekey");
if (result != ISC_R_SUCCESS) {
return (result);
* We don't have the DS. Find it.
*/
result = create_fetch(val, val->event->name,
- dns_rdatatype_ds, dsfetched,
+ dns_rdatatype_ds,
+ fetch_callback_ds,
"validatezonekey");
if (result != ISC_R_SUCCESS) {
return (result);
val->currentset = rdataset;
result = create_validator(val, name, rdataset->type,
rdataset, sigrdataset,
- authvalidated, "validate_neg_rrset");
+ validator_callback_nsec,
+ "validate_neg_rrset");
if (result != ISC_R_SUCCESS) {
return (result);
}
* answer is from a wildcard.
*
* Loop through the authority section looking for NODATA, NOWILDCARD
- * and NOQNAME proofs in the NSEC records by calling authvalidated().
+ * and NOQNAME proofs in the NSEC records by calling
+ * validator_callback_nsec().
*
* If the required proofs are found we are done.
*
dns_rdatatype_ds,
&val->frdataset,
&val->fsigrdataset,
- dsvalidated,
+ validator_callback_ds,
"proveunsecure");
*resp = DNS_R_WAIT;
if (result != ISC_R_SUCCESS) {
*/
*resp = DNS_R_WAIT;
result = create_fetch(val, tname, dns_rdatatype_ds,
- dsfetched, "proveunsecure");
+ fetch_callback_ds, "proveunsecure");
if (result != ISC_R_SUCCESS) {
*resp = result;
}
{
result = create_validator(val, tname,
dns_rdatatype_ds,
- &val->frdataset,
- NULL, dsvalidated,
+ &val->frdataset, NULL,
+ validator_callback_ds,
"proveunsecure");
*resp = DNS_R_WAIT;
if (result != ISC_R_SUCCESS) {
*resp = DNS_R_WAIT;
result = create_validator(val, tname,
dns_rdatatype_ds,
- &val->frdataset,
- NULL, dsvalidated,
+ &val->frdataset, NULL,
+ validator_callback_ds,
"proveunsecure");
if (result != ISC_R_SUCCESS) {
*resp = result;
{
result = create_validator(val, tname,
dns_rdatatype_cname,
- &val->frdataset,
- NULL, cnamevalidated,
+ &val->frdataset, NULL,
+ validator_callback_cname,
"proveunsecure "
"(cname)");
*resp = DNS_R_WAIT;