- ldns snapshot r2699 taken (includes DLV type).

- DLV work, config file element, trust anchor read in. git-svn-id: file:///svn/unbound/trunk@1187 be551aaa-1e26-0410-a405-d3ace91eadb9
2025-12-20 23:00:56 -05:00 · 2008-08-13 14:30:35 +00:00 · 2008-08-13 14:30:35 +00:00 · 080d9d6540
commit 080d9d6540
parent 77b79fde5d
13 changed files with 1070 additions and 985 deletions
--- a/doc/Changelog
+++ b/doc/Changelog
@ -3,6 +3,8 @@
 	  options.
 	- bug #204: variable name ameliorated in log.c.
 	- bug #206: in iana_update, no egrep, but awk use.
 	- ldns snapshot r2699 taken (includes DLV type).
 	- DLV work, config file element, trust anchor read in.
 12 August 2008: Wouter
 	- finished adjusting testset to provide qtype NS answers.
--- a/doc/example.conf.in
+++ b/doc/example.conf.in
@ -247,6 +247,11 @@ server:
 	# separated by spaces. "iterator" or "validator iterator"
 	# module-config: "validator iterator"
 	# File with DLV trusted keys. Same format as trust-anchor-file.
 	# There can be only one DLV configured, it is trusted from root down.
 	# Download https://secure.isc.org/ops/dlv/dlv.isc.org.key
 	# dlv-anchor-file: "dlv.isc.org.key"
 	# File with trusted keys for validation. Specify more than one file
 	# with several entries, one file per entry.
 	# Zone file format, with DS and DNSKEY entries.
--- a/doc/unbound.conf.5.in
+++ b/doc/unbound.conf.5.in
@ -411,6 +411,13 @@ with several entries, one file per entry. Like \fBtrust\-anchor\-file\fR
 but has a different file format. Format is BIND\-9 style format, 
 the trusted\-keys { name flag proto algo "key"; }; clauses are read.
 .TP
 .B dlv\-anchor\-file: \fI<filename>
 File with trusted keys for DLV (DNSSEC Lookaside Validation). Both DS and
 DNSKEY entries can be used in the file, in the same format as for
 \fItrust\-anchor\-file:\fR statements. Only one DLV can be configured, more
 would be slow. The DLV configured is used as a root trusted DLV, this 
 means that it is a lookaside for the root. Default is "", or no dlv anchor file.
 .TP
 .B val\-override\-date: \fI<rrsig\-style date spec>
 Default is "" or "0", which disables this debugging feature. If enabled by
 giving a RRSIG style date, that date is used for verifying RRSIG inception
--- a/ldns-src.tar.gz
+++ b/ldns-src.tar.gz
--- a/util/config_file.c
+++ b/util/config_file.c
@ -137,6 +137,7 @@ config_create()
 	cfg->trust_anchor_file_list = NULL;
 	cfg->trust_anchor_list = NULL;
 	cfg->trusted_keys_file_list = NULL;
 	cfg->dlv_anchor_file = NULL;
 	cfg->val_date_override = 0;
 	cfg->val_clean_additional = 1;
 	cfg->val_permissive_mode = 0;
@ -304,6 +305,9 @@ int config_set_option(struct config_file* cfg, const char* opt,
 	} else if(strcmp(opt, "trusted-keys-file:") == 0) {
 		return cfg_strlist_insert(&cfg->trusted_keys_file_list, 
 			strdup(val));
 	} else if(strcmp(opt, "dlv-anchor-file:") == 0) {
 		free(cfg->dlv_anchor_file);
 		return (cfg->dlv_anchor_file = strdup(val)) != NULL;
 	} else if(strcmp(opt, "val-override-date:") == 0) {
 		if(strcmp(val, "") == 0 || strcmp(val, "0") == 0) {
 			cfg->val_date_override = 0;
@ -452,6 +456,7 @@ config_delete(struct config_file* cfg)
 	config_delstrlist(cfg->trust_anchor_file_list);
 	config_delstrlist(cfg->trusted_keys_file_list);
 	config_delstrlist(cfg->trust_anchor_list);
 	free(cfg->dlv_anchor_file);
 	config_deldblstrlist(cfg->acls);
 	free(cfg->val_nsec3_key_iterations);
 	config_deldblstrlist(cfg->local_zones);
--- a/util/config_file.h
+++ b/util/config_file.h
@ -178,6 +178,8 @@ struct config_file {
 	struct config_strlist* trust_anchor_list;
 	/** files with trusted DNSKEYs in named.conf format, list */
 	struct config_strlist* trusted_keys_file_list;
 	/** DLV anchor file */
 	char* dlv_anchor_file;
 	/** the number of seconds maximal TTL used for RRsets and messages */
 	int max_ttl;
--- a/util/configlexer.c
+++ b/util/configlexer.c
--- a/util/configlexer.lex
+++ b/util/configlexer.lex
@ -163,6 +163,7 @@ hide-version{COLON}     { YDOUT; return VAR_HIDE_VERSION;}
 identity{COLON}		{ YDOUT; return VAR_IDENTITY;}
 version{COLON}     	{ YDOUT; return VAR_VERSION;}
 module-config{COLON}     	{ YDOUT; return VAR_MODULE_CONF;}
 dlv-anchor-file{COLON}	{ YDOUT; return VAR_DLV_ANCHOR_FILE;}
 trust-anchor-file{COLON}	{ YDOUT; return VAR_TRUST_ANCHOR_FILE;}
 trusted-keys-file{COLON}	{ YDOUT; return VAR_TRUSTED_KEYS_FILE;}
 trust-anchor{COLON}	{ YDOUT; return VAR_TRUST_ANCHOR;}
--- a/util/configparser.c
+++ b/util/configparser.c
--- a/util/configparser.h
+++ b/util/configparser.h
@ -117,7 +117,8 @@
     VAR_USE_CAPS_FOR_ID = 333,
     VAR_STATISTICS_CUMULATIVE = 334,
     VAR_OUTGOING_PORT_PERMIT = 335,
-     VAR_OUTGOING_PORT_AVOID = 336
+     VAR_OUTGOING_PORT_AVOID = 336,
     VAR_DLV_ANCHOR_FILE = 337
   };
 #endif
 /* Tokens.  */
@ -200,6 +201,7 @@
 #define VAR_STATISTICS_CUMULATIVE 334
 #define VAR_OUTGOING_PORT_PERMIT 335
 #define VAR_OUTGOING_PORT_AVOID 336
 #define VAR_DLV_ANCHOR_FILE 337
@ -211,7 +213,7 @@ typedef union YYSTYPE
 	char*	str;
 }
 /* Line 1489 of yacc.c.  */
-#line 215 "util/configparser.h"
+#line 217 "util/configparser.h"
 	YYSTYPE;
 # define yystype YYSTYPE /* obsolescent; will be withdrawn */
 # define YYSTYPE_IS_DECLARED 1
--- a/util/configparser.y
+++ b/util/configparser.y
@ -90,7 +90,7 @@ extern struct config_parser_state* cfg_parser;
 %token VAR_LOCAL_ZONE VAR_LOCAL_DATA VAR_INTERFACE_AUTOMATIC
 %token VAR_STATISTICS_INTERVAL VAR_DO_DAEMONIZE VAR_USE_CAPS_FOR_ID
 %token VAR_STATISTICS_CUMULATIVE VAR_OUTGOING_PORT_PERMIT 
-%token VAR_OUTGOING_PORT_AVOID
+%token VAR_OUTGOING_PORT_AVOID VAR_DLV_ANCHOR_FILE
 %%
 toplevelvars: /* empty */ | toplevelvars toplevelvar ;
@ -132,7 +132,8 @@ content_server: server_num_threads | server_verbosity | server_port |
 	server_local_zone | server_local_data | server_interface_automatic |
 	server_statistics_interval | server_do_daemonize | 
 	server_use_caps_for_id | server_statistics_cumulative |
-	server_outgoing_port_permit | server_outgoing_port_avoid
+	server_outgoing_port_permit | server_outgoing_port_avoid |
 	server_dlv_anchor_file
 	;
 stubstart: VAR_STUB_ZONE
 	{
@ -397,6 +398,12 @@ server_root_hints: VAR_ROOT_HINTS STRING
 			yyerror("out of memory");
 	}
 	;
 server_dlv_anchor_file: VAR_DLV_ANCHOR_FILE STRING
 	{
 		OUTYY(("P(server_dlv_anchor_file:%s)\n", $2));
 		free(cfg_parser->cfg->dlv_anchor_file);
 		cfg_parser->cfg->dlv_anchor_file = $2;
 	}
 server_trust_anchor_file: VAR_TRUST_ANCHOR_FILE STRING
 	{
 		OUTYY(("P(server_trust_anchor_file:%s)\n", $2));
--- a/validator/val_anchor.c
+++ b/validator/val_anchor.c
@ -203,9 +203,9 @@ anchor_new_ta_key(struct val_anchors* anchors, uint8_t* rdata, size_t rdata_len,
 * @param dclass: class of RR
 * @param rdata: rdata wireformat, starting with rdlength.
 * @param rdata_len: length of rdata including rdlength.
- * @return: 0 on error.
+ * @return: NULL on error, else the trust anchor.
 */
-static int
+static struct trust_anchor*
 anchor_store_new_key(struct val_anchors* anchors, uint8_t* name, uint16_t type,
 	uint16_t dclass, uint8_t* rdata, size_t rdata_len)
 {
@ -223,22 +223,22 @@ anchor_store_new_key(struct val_anchors* anchors, uint8_t* name, uint16_t type,
 	if(!ta) {
 		ta = anchor_new_ta(anchors, name, namelabs, namelen, dclass);
 		if(!ta)
-			return 0;
+			return NULL;
 	}
 	/* look for duplicates */
 	if(anchor_find_key(ta, rdata, rdata_len, type)) {
-		return 1;
+		return ta;
 	}
 	k = anchor_new_ta_key(anchors, rdata, rdata_len, type);
 	if(!k)
-		return 0;
+		return NULL;
 	/* add new key */
 	if(type == LDNS_RR_TYPE_DS)
 		ta->numDS++;
 	else	ta->numDNSKEY++;
 	k->next = ta->keylist;
 	ta->keylist = k;
-	return 1;
+	return ta;
 }
 /**
@ -246,12 +246,13 @@ anchor_store_new_key(struct val_anchors* anchors, uint8_t* name, uint16_t type,
 * @param anchors: anchor storage.
 * @param buffer: parsing buffer.
 * @param rr: the rr (allocated by caller).
- * @return false on error.
+ * @return NULL on error, else the trust anchor.
 */
-static int
+static struct trust_anchor*
 anchor_store_new_rr(struct val_anchors* anchors, ldns_buffer* buffer, 
 	ldns_rr* rr)
 {
 	struct trust_anchor* ta;
 	ldns_rdf* owner = ldns_rr_owner(rr);
 	ldns_status status;
 	ldns_buffer_clear(buffer);
@ -260,20 +261,20 @@ anchor_store_new_rr(struct val_anchors* anchors, ldns_buffer* buffer,
 	if(status != LDNS_STATUS_OK) {
 		log_err("error converting trustanchor to wireformat: %s", 
 			ldns_get_errorstr_by_id(status));
-		return 0;
+		return NULL;
 	}
 	ldns_buffer_flip(buffer);
 	ldns_buffer_write_u16_at(buffer, 0, ldns_buffer_limit(buffer) - 2);
-	if(!anchor_store_new_key(anchors, ldns_rdf_data(owner), 
+	if(!(ta=anchor_store_new_key(anchors, ldns_rdf_data(owner), 
 		ldns_rr_get_type(rr), ldns_rr_get_class(rr),
-		ldns_buffer_begin(buffer), ldns_buffer_limit(buffer))) {
+		ldns_buffer_begin(buffer), ldns_buffer_limit(buffer)))) {
-		return 0;
+		return NULL;
 	}
 	log_nametypeclass(VERB_QUERY, "adding trusted key",
 		ldns_rdf_data(owner), 
 		ldns_rr_get_type(rr), ldns_rr_get_class(rr));
-	return 1;
+	return ta;
 }
 int
@ -302,12 +303,14 @@ anchor_store_str(struct val_anchors* anchors, ldns_buffer* buffer,
 * @param anchors: anchor storage.
 * @param buffer: parsing buffer.
 * @param fname: string.
- * @return false on error.
+ * @param onlyone: only one trust anchor allowed in file.
 * @return NULL on error. Else last trust-anchor point.
 */
-static int
+static struct trust_anchor*
 anchor_read_file(struct val_anchors* anchors, ldns_buffer* buffer,
-	const char* fname)
+	const char* fname, int onlyone)
 {
 	struct trust_anchor* ta = NULL, *tanew;
 	uint32_t default_ttl = 3600;
 	ldns_rdf* origin = NULL, *prev = NULL;
 	int line_nr = 1;
@ -339,18 +342,28 @@ anchor_read_file(struct val_anchors* anchors, ldns_buffer* buffer,
 			ldns_rr_free(rr);
 			continue;
 		}
-		if(!anchor_store_new_rr(anchors, buffer, rr)) {
+		if(!(tanew=anchor_store_new_rr(anchors, buffer, rr))) {
 			log_err("error at %s line %d", fname, line_nr);
 			ldns_rr_free(rr);
 			ok = 0;
 			break;
 		}
 		if(onlyone && ta && ta != tanew) {
 			log_err("error at %s line %d: no multiple anchor "
 				"domains allowed (you can have multiple "
 				"keys, but they must have the same name).", 
 				fname, line_nr);
 			ldns_rr_free(rr);
 			ok = 0;
 			break;
 		}
 		ta = tanew;
 		ldns_rr_free(rr);
 	}
 	ldns_rdf_deep_free(origin);
 	ldns_rdf_deep_free(prev);
 	fclose(in);
-	return ok;
+	return ok?ta:NULL;
 }
 /** skip file to end of line */
@ -759,7 +772,7 @@ anchors_apply_cfg(struct val_anchors* anchors, struct config_file* cfg)
 		if(cfg->chrootdir && cfg->chrootdir[0] && strncmp(nm,
 			cfg->chrootdir, strlen(cfg->chrootdir)) == 0)
 			nm += strlen(cfg->chrootdir);
-		if(!anchor_read_file(anchors, parsebuf, nm)) {
+		if(!anchor_read_file(anchors, parsebuf, nm, 0)) {
 			log_err("error reading trust-anchor-file: %s", f->str);
 			ldns_buffer_free(parsebuf);
 			return 0;
@ -787,6 +800,15 @@ anchors_apply_cfg(struct val_anchors* anchors, struct config_file* cfg)
 			return 0;
 		}
 	}
 	if(cfg->dlv_anchor_file && cfg->dlv_anchor_file[0] != 0) {
 		if(!(anchors->dlv_anchor = anchor_read_file(anchors, parsebuf,
 			cfg->dlv_anchor_file, 1))) {
 			log_err("error reading dlv-anchor-file: %s", 
 				cfg->dlv_anchor_file);
 			ldns_buffer_free(parsebuf);
 			return 0;
 		}
 	}
 	init_parents(anchors);
 	anchors_assemble_rrsets(anchors);
 	ldns_buffer_free(parsebuf);
--- a/validator/val_anchor.h
+++ b/validator/val_anchor.h
@ -60,6 +60,8 @@ struct val_anchors {
 	 * contents of type trust_anchor.
 	 */
 	rbtree_t* tree;
 	/** The DLV trust anchor (if one is configured, else NULL) */
 	struct trust_anchor* dlv_anchor;
 };
 /**