- first services/authzone check in, it compiles and reads and writes

zonefiles.


git-svn-id: file:///svn/unbound/trunk@4178 be551aaa-1e26-0410-a405-d3ace91eadb9

Makefile.in

@@ -112,7 +112,7 @@ iterator/iter_scrub.c iterator/iter_utils.c services/listen_dnsport.c \
 services/localzone.c services/mesh.c services/modstack.c services/view.c \
 services/outbound_list.c services/outside_network.c util/alloc.c \
 util/config_file.c util/configlexer.c util/configparser.c \
-util/shm_side/shm_main.c \
+util/shm_side/shm_main.c services/authzone.c\
 util/fptr_wlist.c util/locks.c util/log.c util/mini_event.c util/module.c \
 util/netevent.c util/net_help.c util/random.c util/rbtree.c util/regional.c \
 util/rtt.c util/storage/dnstree.c util/storage/lookup3.c \
@@ -135,7 +135,7 @@ fptr_wlist.lo locks.lo log.lo mini_event.lo module.lo net_help.lo \
 random.lo rbtree.lo regional.lo rtt.lo dnstree.lo lookup3.lo lruhash.lo \
 slabhash.lo timehist.lo tube.lo winsock_event.lo autotrust.lo val_anchor.lo \
 validator.lo val_kcache.lo val_kentry.lo val_neg.lo val_nsec3.lo val_nsec.lo \
-val_secalgo.lo val_sigcrypt.lo val_utils.lo dns64.lo cachedb.lo \
+val_secalgo.lo val_sigcrypt.lo val_utils.lo dns64.lo cachedb.lo authzone.lo\
 $(SUBNET_OBJ) $(PYTHONMOD_OBJ) $(CHECKLOCK_OBJ) $(DNSTAP_OBJ) $(DNSCRYPT_OBJ) \
 $(IPSECMOD_OBJ)
 COMMON_OBJ_WITHOUT_NETCALL+=respip.lo
@@ -163,10 +163,10 @@ UNITTEST_SRC=testcode/unitanchor.c testcode/unitdname.c \
 testcode/unitlruhash.c testcode/unitmain.c testcode/unitmsgparse.c \
 testcode/unitneg.c testcode/unitregional.c testcode/unitslabhash.c \
 testcode/unitverify.c testcode/readhex.c testcode/testpkts.c testcode/unitldns.c \
-testcode/unitecs.c
+testcode/unitecs.c testcode/unitauth.c
 UNITTEST_OBJ=unitanchor.lo unitdname.lo unitlruhash.lo unitmain.lo \
 unitmsgparse.lo unitneg.lo unitregional.lo unitslabhash.lo unitverify.lo \
-readhex.lo testpkts.lo unitldns.lo unitecs.lo
+readhex.lo testpkts.lo unitldns.lo unitecs.lo unitauth.lo
 UNITTEST_OBJ_LINK=$(UNITTEST_OBJ) worker_cb.lo $(COMMON_OBJ) $(SLDNS_OBJ) \
 $(COMPAT_OBJ)
 DAEMON_SRC=daemon/acl_list.c daemon/cachedump.c daemon/daemon.c \
@@ -820,6 +820,13 @@ shm_main.lo shm_main.o: $(srcdir)/util/shm_side/shm_main.c config.h $(srcdir)/ut
  $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rtt.h \
  $(srcdir)/validator/validator.h $(srcdir)/validator/val_utils.h $(srcdir)/util/config_file.h \
  $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h
+authzone.lo authzone.o: $(srcdir)/services/authzone.c config.h $(srcdir)/services/authzone.h \
+ $(srcdir)/util/rbtree.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/dname.h \
+ $(srcdir)/util/storage/lruhash.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \
+ $(srcdir)/util/regional.h $(srcdir)/util/net_help.h $(srcdir)/util/config_file.h $(srcdir)/services/cache/dns.h \
+ $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/str2wire.h \
+ $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/parseutil.h $(srcdir)/validator/val_nsec3.h \
+ $(srcdir)/validator/val_secalgo.h
 fptr_wlist.lo fptr_wlist.o: $(srcdir)/util/fptr_wlist.c config.h $(srcdir)/util/fptr_wlist.h \
  $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h  \
  $(srcdir)/dnscrypt/cert.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
@@ -828,16 +835,17 @@ fptr_wlist.lo fptr_wlist.o: $(srcdir)/util/fptr_wlist.c config.h $(srcdir)/util/
  $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h $(srcdir)/util/mini_event.h \
  $(srcdir)/util/rbtree.h $(srcdir)/services/outside_network.h  \
  $(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h \
- $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h $(srcdir)/services/cache/rrset.h \
- $(srcdir)/util/storage/slabhash.h $(srcdir)/dns64/dns64.h $(srcdir)/iterator/iterator.h \
- $(srcdir)/services/outbound_list.h $(srcdir)/iterator/iter_fwd.h $(srcdir)/validator/validator.h \
- $(srcdir)/validator/val_utils.h $(srcdir)/validator/val_anchor.h $(srcdir)/validator/val_nsec3.h \
- $(srcdir)/validator/val_sigcrypt.h $(srcdir)/validator/val_kentry.h $(srcdir)/validator/val_neg.h \
- $(srcdir)/validator/autotrust.h $(srcdir)/libunbound/libworker.h $(srcdir)/libunbound/context.h \
- $(srcdir)/util/alloc.h $(srcdir)/libunbound/unbound.h $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h \
- $(srcdir)/util/config_file.h $(srcdir)/respip/respip.h $(PYTHONMOD_HEADER) \
- $(srcdir)/cachedb/cachedb.h $(srcdir)/ipsecmod/ipsecmod.h $(srcdir)/edns-subnet/subnetmod.h \
- $(srcdir)/util/net_help.h $(srcdir)/edns-subnet/addrtree.h $(srcdir)/edns-subnet/edns-subnet.h
+ $(srcdir)/services/authzone.h $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h \
+ $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h $(srcdir)/dns64/dns64.h \
+ $(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h $(srcdir)/iterator/iter_fwd.h \
+ $(srcdir)/validator/validator.h $(srcdir)/validator/val_utils.h $(srcdir)/validator/val_anchor.h \
+ $(srcdir)/validator/val_nsec3.h $(srcdir)/validator/val_sigcrypt.h $(srcdir)/validator/val_kentry.h \
+ $(srcdir)/validator/val_neg.h $(srcdir)/validator/autotrust.h $(srcdir)/libunbound/libworker.h \
+ $(srcdir)/libunbound/context.h $(srcdir)/util/alloc.h $(srcdir)/libunbound/unbound.h \
+ $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h $(srcdir)/util/config_file.h $(srcdir)/respip/respip.h \
+ $(PYTHONMOD_HEADER) $(srcdir)/cachedb/cachedb.h $(srcdir)/ipsecmod/ipsecmod.h \
+ $(srcdir)/edns-subnet/subnetmod.h $(srcdir)/util/net_help.h $(srcdir)/edns-subnet/addrtree.h \
+ $(srcdir)/edns-subnet/edns-subnet.h
 locks.lo locks.o: $(srcdir)/util/locks.c config.h $(srcdir)/util/locks.h $(srcdir)/util/log.h
 log.lo log.o: $(srcdir)/util/log.c config.h $(srcdir)/util/log.h $(srcdir)/util/locks.h $(srcdir)/sldns/sbuffer.h
 mini_event.lo mini_event.o: $(srcdir)/util/mini_event.c config.h $(srcdir)/util/mini_event.h $(srcdir)/util/rbtree.h \
@@ -1098,6 +1106,9 @@ unitecs.lo unitecs.o: $(srcdir)/testcode/unitecs.c config.h $(srcdir)/util/log.h
  $(srcdir)/sldns/rrdef.h $(srcdir)/testcode/unitmain.h $(srcdir)/edns-subnet/addrtree.h \
  $(srcdir)/edns-subnet/subnetmod.h $(srcdir)/services/outbound_list.h $(srcdir)/util/alloc.h \
  $(srcdir)/util/net_help.h $(srcdir)/util/storage/slabhash.h $(srcdir)/edns-subnet/edns-subnet.h
+unitauth.lo unitauth.o: $(srcdir)/testcode/unitauth.c config.h $(srcdir)/services/authzone.h \
+ $(srcdir)/util/rbtree.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/testcode/unitmain.h \
+ $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/rrdef.h
 acl_list.lo acl_list.o: $(srcdir)/daemon/acl_list.c config.h $(srcdir)/daemon/acl_list.h \
  $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/services/view.h $(srcdir)/util/locks.h \
  $(srcdir)/util/log.h $(srcdir)/util/regional.h $(srcdir)/util/config_file.h $(srcdir)/util/net_help.h \

doc/Changelog

@@ -1,3 +1,7 @@
+23 May 2017: Wouter
+	- first services/authzone check in, it compiles and reads and writes
+	  zonefiles.
+
 22 May 2017: Wouter
 	- Fix #1268: SIGSEGV after log_reopen.
 

services/authzone.h

@@ -0,0 +1,207 @@
+/*
+ * services/authzone.h - authoritative zone that is locally hosted.
+ *
+ * Copyright (c) 2017, NLnet Labs. All rights reserved.
+ *
+ * This software is open source.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ * 
+ * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ * 
+ * Neither the name of the NLNET LABS nor the names of its contributors may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/**
+ * \file
+ *
+ * This file contains the functions for an authority zone.  This zone
+ * is queried by the iterator, just like a stub or forward zone, but then
+ * the data is locally held.
+ */
+
+#ifndef SERVICES_AUTHZONE_H
+#define SERVICES_AUTHZONE_H
+#include "util/rbtree.h"
+#include "util/locks.h"
+struct ub_packed_rrset_key;
+struct regional;
+struct config_file;
+struct query_info;
+struct dns_msg;
+
+/**
+ * Authoritative zones, shared.
+ */
+struct auth_zones {
+	/** lock on the authzone tree */
+	lock_rw_type lock;
+	/** rbtree of struct auth_zone */
+	rbtree_type ztree;
+};
+
+/**
+ * Auth zone.  Authoritative data, that is fetched from instead of sending
+ * packets to the internet.
+ */
+struct auth_zone {
+	/** rbtree node, key is name and class */
+	rbnode_type node;
+
+	/** zone name, in uncompressed wireformat */
+	uint8_t* name;
+	/** length of zone name */
+	size_t namelen;
+	/** number of labels in zone name */
+	int namelabs;
+	/** the class of this zone. 
+	 * uses 'dclass' to not conflict with c++ keyword class. */
+	uint16_t dclass;
+
+	/** lock on the data in the structure
+	 * For the node, parent, name, namelen, namelabs, dclass, you
+	 * need to also hold the zones_tree lock to change them (or to
+	 * delete this zone) */
+	lock_rw_type lock;
+
+	/** auth data for this zone
+	 * rbtree of struct auth_data */
+	rbtree_type data;
+
+	/* zonefile name (or NULL for no zonefile) */
+	char* zonefile;
+	/* fallback to the internet on failure or ttl-expiry of auth zone */
+	int fallback_enabled;
+};
+
+/**
+ * Auth data. One domain name, and the RRs to go with it.
+ */
+struct auth_data {
+	/** rbtree node, key is name only */
+	rbnode_type node;
+	/** domain name */
+	uint8_t* name;
+	/** length of name */
+	size_t namelen;
+	/** number of labels in name */
+	int namelabs;
+	/** the data rrsets, with different types, linked list.
+	 * if the list if NULL the node would be an empty non-terminal,
+	 * but in this data structure such nodes that represent an empty
+	 * non-terminal are not needed; they just don't exist.
+	 */
+	struct auth_rrset* rrsets;
+};
+
+/**
+ * A auth data RRset
+ */
+struct auth_rrset {
+	/** next in list */
+	struct auth_rrset* next;
+	/** RRset data item */
+	struct ub_packed_rrset_key* rrset;
+};
+
+/**
+ * Create auth zones structure
+ */
+struct auth_zones* auth_zones_create(void);
+
+/**
+ * Apply configuration to auth zones.  Reads zonefiles.
+ */
+int auth_zones_apply_config(struct auth_zones* az, struct config_file* cfg);
+
+/**
+ * Delete auth zones structure
+ */
+void auth_zones_delete(struct auth_zones* az);
+
+/**
+ * Write auth zone data to file, in zonefile format.
+ */
+int auth_zone_write_file(struct auth_zone* z, const char* fname);
+
+/**
+ * Use auth zones to lookup the answer to a query.
+ * The query is from the iterator.  And the auth zones attempts to provide
+ * the answer instead of going to the internet.
+ *
+ * @param az: auth zones structure.
+ * @param qinfo: query info to lookup.
+ * @param region: region to use to allocate the reply in.
+ * @param msg: reply is stored here (if one).
+ * @param fallback: if true, fallback to making a query to the internet.
+ * @param dp_nm: name of delegation point to look for.  This zone is used
+ *	to answer the query.
+ *	If the dp_nm is not found, fallback is set to true and false returned.
+ * @param dp_nmlen: length of dp_nm.
+ * @return 0: failure (an error of some sort, like servfail).
+ *         if 0 and fallback is true, fallback to the internet.
+ *         if 0 and fallback is false, like getting servfail.
+ *         If true, an answer is available.
+ */
+int auth_zones_lookup(struct auth_zones* az, struct query_info* qinfo,
+	struct regional* region, struct dns_msg** msg, int* fallback,
+	uint8_t* dp_nm, size_t dp_nmlen);
+
+/** 
+ * Find the auth zone that is above the given qname.
+ * Return NULL when there is no auth_zone above the give name, otherwise
+ * returns the closest auth_zone above the qname that pertains to it.
+ * @param az: auth zones structure.
+ * @param qinfo: query info to lookup.
+ * @return NULL or auth_zone that pertains to the query.
+ */
+struct auth_zone* auth_zones_find_zone(struct auth_zones* az,
+	struct query_info* qinfo);
+
+/** find an auth zone by name (exact match by name or NULL returned) */
+struct auth_zone* auth_zone_find(struct auth_zones* az, uint8_t* nm,
+	size_t nmlen, uint16_t dclass);
+
+/** create an auth zone. returns wrlocked zone. caller must have wrlock
+ * on az. returns NULL on malloc failure */
+struct auth_zone* auth_zone_create(struct auth_zones* az, uint8_t* nm,
+	size_t nmlen, uint16_t dclass);
+
+/** set auth zone zonefile string. caller must have lock on zone */
+int auth_zone_set_zonefile(struct auth_zone* z, char* zonefile);
+
+/** set auth zone fallback. caller must have lock on zone.
+ * fallbackstr is "yes" or "no". false on parse failure. */
+int auth_zone_set_fallback(struct auth_zone* z, char* fallbackstr);
+
+/** read auth zone from zonefile. caller must lock zone. false on failure */
+int auth_zone_read_zonefile(struct auth_zone* z);
+
+/** compare auth_zones for sorted rbtree */
+int auth_zone_cmp(const void* z1, const void* z2);
+
+/** compare auth_data for sorted rbtree */
+int auth_data_cmp(const void* z1, const void* z2);
+
+#endif /* SERVICES_AUTHZONE_H */

testcode/unitauth.c

@@ -0,0 +1,469 @@
+/*
+ * testcode/unitauth.c - unit test for authzone authoritative zone code.
+ *
+ * Copyright (c) 2017, NLnet Labs. All rights reserved.
+ *
+ * This software is open source.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ *
+ * Neither the name of the NLNET LABS nor the names of its contributors may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+/**
+ * \file
+ * Unit test for auth zone code.
+ */
+#include "config.h"
+#include "services/authzone.h"
+#include "testcode/unitmain.h"
+#include "util/regional.h"
+#include "util/net_help.h"
+#include "util/data/msgreply.h"
+#include "services/cache/dns.h"
+#include "sldns/str2wire.h"
+#include "sldns/wire2str.h"
+#include "sldns/sbuffer.h"
+
+/** verbosity for this test */
+static int vbmp = 1;
+
+/** struct for query and answer checks */
+struct q_ans {
+	/** zone to query (delegpt) */
+	const char* zone;
+	/** query name, class, type */
+	const char* query;
+	/** additional flags or "" */
+	const char* flags;
+	/** expected answer to check against, multi-line string */
+	const char* answer;
+};
+
+/** auth zone for test */
+static const char* zone_example_com =
+"example.com.	3600	IN	SOA	ns.example.org. noc.example.org. 2017042710 7200 3600 1209600 3600\n"
+"example.com.	3600	IN	A	10.0.0.1\n"
+"example.com.	3600	IN	NS	ns.example.com.\n"
+"example.com.	3600	IN	MX	50 mail.example.com.\n"
+"deep.ent.example.com.	3600	IN	A	10.0.0.9\n"
+"mail.example.com.	3600	IN	A	10.0.0.4\n"
+"ns.example.com.	3600	IN	A	10.0.0.5\n"
+"out.example.com.	3600	IN	CNAME	www.example.com.\n"
+"plan.example.com.	3600	IN	CNAME	nonexist.example.com.\n"
+"redir.example.com.	3600	IN	DNAME	redir.example.org.\n"
+"sub.example.com.	3600	IN	NS	ns1.sub.example.com.\n"
+"sub.example.com.	3600	IN	NS	ns2.sub.example.com.\n"
+"ns1.sub.example.com.	3600	IN	A	10.0.0.6\n"
+"ns2.sub.example.com.	3600	IN	AAAA	2001::7\n"
+"*.wild.example.com.	3600	IN	A	10.0.0.8\n"
+"www.example.com.	3600	IN	A	10.0.0.2\n"
+"www.example.com.	3600	IN	A	10.0.0.3\n"
+"yy.example.com.	3600	IN	TXT	\"a\"\n"
+"yy.example.com.	3600	IN	TXT	\"b\"\n"
+"yy.example.com.	3600	IN	TXT	\"c\"\n"
+"yy.example.com.	3600	IN	TXT	\"d\"\n"
+"yy.example.com.	3600	IN	TXT	\"e\"\n"
+"yy.example.com.	3600	IN	TXT	\"f\"\n"
+
+/* and some tests for RRSIGs (rrsig is www.nlnetlabs.nl copy) */
+/* normal: domain and 1 rrsig */
+"z1.example.com.	3600	IN	A	10.0.0.10\n"
+"z1.example.com.	3600	IN	RRSIG	A 8 3 10200 20170612005010 20170515005010 42393 nlnetlabs.nl. NhEDrHkuIgHkjWhDRVsGOIJWZpSs+QdduilWFe5d+/ZhOheLJbaTYD5w6+ZZ3yPh1tNud+jlg+GyiOSVapLEO31swDCIarL1UfRjRSpxxDCHGag5Zu+S4hF+KURxO3cJk8jLBELMQyRuMRHoKrw/wsiLGVu1YpAyAPPMcjFBNbk= ;{id = 42393}\n"
+/* normal: domain and 2 rrsigs */
+"z2.example.com.	3600	IN	A	10.0.0.10\n"
+"z2.example.com.	3600	IN	RRSIG	A 8 3 10200 20170612005010 20170515005010 42393 nlnetlabs.nl. NhEDrHkuIgHkjWhDRVsGOIJWZpSs+QdduilWFe5d+/ZhOheLJbaTYD5w6+ZZ3yPh1tNud+jlg+GyiOSVapLEO31swDCIarL1UfRjRSpxxDCHGag5Zu+S4hF+KURxO3cJk8jLBELMQyRuMRHoKrw/wsiLGVu1YpAyAPPMcjFBNbk= ;{id = 42393}\n"
+"z2.example.com.	3600	IN	RRSIG	A 8 3 10200 20170612005010 20170515005010 12345 nlnetlabs.nl. NhEDrHkuIgHkjWhDRVsGOIJWZpSs+QdduilWFe5d+/ZhOheLJbaTYD5w6+ZZ3yPh1tNud+jlg+GyiOSVapLEO31swDCIarL1UfRjRSpxxDCHGag5Zu+S4hF+KURxO3cJk8jLBELMQyRuMRHoKrw/wsiLGVu1YpAyAPPMcjFBNbk= ;{id = 12345}\n"
+/* normal: domain and 3 rrsigs */
+"z3.example.com.	3600	IN	A	10.0.0.10\n"
+"z3.example.com.	3600	IN	A	10.0.0.11\n"
+"z3.example.com.	3600	IN	RRSIG	A 8 3 10200 20170612005010 20170515005010 42393 nlnetlabs.nl. NhEDrHkuIgHkjWhDRVsGOIJWZpSs+QdduilWFe5d+/ZhOheLJbaTYD5w6+ZZ3yPh1tNud+jlg+GyiOSVapLEO31swDCIarL1UfRjRSpxxDCHGag5Zu+S4hF+KURxO3cJk8jLBELMQyRuMRHoKrw/wsiLGVu1YpAyAPPMcjFBNbk= ;{id = 42393}\n"
+"z3.example.com.	3600	IN	RRSIG	A 8 3 10200 20170612005010 20170515005010 12345 nlnetlabs.nl. NhEDrHkuIgHkjWhDRVsGOIJWZpSs+QdduilWFe5d+/ZhOheLJbaTYD5w6+ZZ3yPh1tNud+jlg+GyiOSVapLEO31swDCIarL1UfRjRSpxxDCHGag5Zu+S4hF+KURxO3cJk8jLBELMQyRuMRHoKrw/wsiLGVu1YpAyAPPMcjFBNbk= ;{id = 12345}\n"
+"z3.example.com.	3600	IN	RRSIG	A 8 3 10200 20170612005010 20170515005010 12356 nlnetlabs.nl. NhEDrHkuIgHkjWhDRVsGOIJWZpSs+QdduilWFe5d+/ZhOheLJbaTYD5w6+ZZ3yPh1tNud+jlg+GyiOSVapLEO31swDCIarL1UfRjRSpxxDCHGag5Zu+S4hF+KURxO3cJk8jLBELMQyRuMRHoKrw/wsiLGVu1YpAyAPPMcjFBNbk= ;{id = 12356}\n"
+/* just an RRSIG rrset with nothing else */
+"z4.example.com.	3600	IN	RRSIG	A 8 3 10200 20170612005010 20170515005010 42393 nlnetlabs.nl. NhEDrHkuIgHkjWhDRVsGOIJWZpSs+QdduilWFe5d+/ZhOheLJbaTYD5w6+ZZ3yPh1tNud+jlg+GyiOSVapLEO31swDCIarL1UfRjRSpxxDCHGag5Zu+S4hF+KURxO3cJk8jLBELMQyRuMRHoKrw/wsiLGVu1YpAyAPPMcjFBNbk= ;{id = 42393}\n"
+/* just an RRSIG rrset with nothing else, 2 rrsigs */
+"z5.example.com.	3600	IN	RRSIG	A 8 3 10200 20170612005010 20170515005010 42393 nlnetlabs.nl. NhEDrHkuIgHkjWhDRVsGOIJWZpSs+QdduilWFe5d+/ZhOheLJbaTYD5w6+ZZ3yPh1tNud+jlg+GyiOSVapLEO31swDCIarL1UfRjRSpxxDCHGag5Zu+S4hF+KURxO3cJk8jLBELMQyRuMRHoKrw/wsiLGVu1YpAyAPPMcjFBNbk= ;{id = 42393}\n"
+"z5.example.com.	3600	IN	RRSIG	A 8 3 10200 20170612005010 20170515005010 12345 nlnetlabs.nl. NhEDrHkuIgHkjWhDRVsGOIJWZpSs+QdduilWFe5d+/ZhOheLJbaTYD5w6+ZZ3yPh1tNud+jlg+GyiOSVapLEO31swDCIarL1UfRjRSpxxDCHGag5Zu+S4hF+KURxO3cJk8jLBELMQyRuMRHoKrw/wsiLGVu1YpAyAPPMcjFBNbk= ;{id = 12345}\n"
+#if 0 /* comparison of file does not work on this part because duplicates */
+      /* are removed and the rrsets are reordered */
+/* first rrsig, then A record */
+"z6.example.com.	3600	IN	RRSIG	A 8 3 10200 20170612005010 20170515005010 42393 nlnetlabs.nl. NhEDrHkuIgHkjWhDRVsGOIJWZpSs+QdduilWFe5d+/ZhOheLJbaTYD5w6+ZZ3yPh1tNud+jlg+GyiOSVapLEO31swDCIarL1UfRjRSpxxDCHGag5Zu+S4hF+KURxO3cJk8jLBELMQyRuMRHoKrw/wsiLGVu1YpAyAPPMcjFBNbk= ;{id = 42393}\n"
+"z6.example.com.	3600	IN	A	10.0.0.10\n"
+/* first two rrsigs, then A record */
+"z7.example.com.	3600	IN	RRSIG	A 8 3 10200 20170612005010 20170515005010 42393 nlnetlabs.nl. NhEDrHkuIgHkjWhDRVsGOIJWZpSs+QdduilWFe5d+/ZhOheLJbaTYD5w6+ZZ3yPh1tNud+jlg+GyiOSVapLEO31swDCIarL1UfRjRSpxxDCHGag5Zu+S4hF+KURxO3cJk8jLBELMQyRuMRHoKrw/wsiLGVu1YpAyAPPMcjFBNbk= ;{id = 42393}\n"
+"z7.example.com.	3600	IN	RRSIG	A 8 3 10200 20170612005010 20170515005010 12345 nlnetlabs.nl. NhEDrHkuIgHkjWhDRVsGOIJWZpSs+QdduilWFe5d+/ZhOheLJbaTYD5w6+ZZ3yPh1tNud+jlg+GyiOSVapLEO31swDCIarL1UfRjRSpxxDCHGag5Zu+S4hF+KURxO3cJk8jLBELMQyRuMRHoKrw/wsiLGVu1YpAyAPPMcjFBNbk= ;{id = 12345}\n"
+"z7.example.com.	3600	IN	A	10.0.0.10\n"
+/* first two rrsigs, then two A records */
+"z8.example.com.	3600	IN	RRSIG	A 8 3 10200 20170612005010 20170515005010 42393 nlnetlabs.nl. NhEDrHkuIgHkjWhDRVsGOIJWZpSs+QdduilWFe5d+/ZhOheLJbaTYD5w6+ZZ3yPh1tNud+jlg+GyiOSVapLEO31swDCIarL1UfRjRSpxxDCHGag5Zu+S4hF+KURxO3cJk8jLBELMQyRuMRHoKrw/wsiLGVu1YpAyAPPMcjFBNbk= ;{id = 42393}\n"
+"z8.example.com.	3600	IN	RRSIG	A 8 3 10200 20170612005010 20170515005010 12345 nlnetlabs.nl. NhEDrHkuIgHkjWhDRVsGOIJWZpSs+QdduilWFe5d+/ZhOheLJbaTYD5w6+ZZ3yPh1tNud+jlg+GyiOSVapLEO31swDCIarL1UfRjRSpxxDCHGag5Zu+S4hF+KURxO3cJk8jLBELMQyRuMRHoKrw/wsiLGVu1YpAyAPPMcjFBNbk= ;{id = 12345}\n"
+"z8.example.com.	3600	IN	A	10.0.0.10\n"
+"z8.example.com.	3600	IN	A	10.0.0.11\n"
+/* duplicate RR, duplicate RRsig */
+"z9.example.com.	3600	IN	A	10.0.0.10\n"
+"z9.example.com.	3600	IN	A	10.0.0.11\n"
+"z9.example.com.	3600	IN	A	10.0.0.10\n"
+"z9.example.com.	3600	IN	RRSIG	A 8 3 10200 20170612005010 20170515005010 42393 nlnetlabs.nl. NhEDrHkuIgHkjWhDRVsGOIJWZpSs+QdduilWFe5d+/ZhOheLJbaTYD5w6+ZZ3yPh1tNud+jlg+GyiOSVapLEO31swDCIarL1UfRjRSpxxDCHGag5Zu+S4hF+KURxO3cJk8jLBELMQyRuMRHoKrw/wsiLGVu1YpAyAPPMcjFBNbk= ;{id = 42393}\n"
+"z9.example.com.	3600	IN	RRSIG	A 8 3 10200 20170612005010 20170515005010 42393 nlnetlabs.nl. NhEDrHkuIgHkjWhDRVsGOIJWZpSs+QdduilWFe5d+/ZhOheLJbaTYD5w6+ZZ3yPh1tNud+jlg+GyiOSVapLEO31swDCIarL1UfRjRSpxxDCHGag5Zu+S4hF+KURxO3cJk8jLBELMQyRuMRHoKrw/wsiLGVu1YpAyAPPMcjFBNbk= ;{id = 42393}\n"
+#endif /* if0 for duplicates and reordering */
+;
+
+/** queries for example.com: zone, query, flags, answer. end with NULL */
+static struct q_ans example_com_queries[] = {
+	{"example.com", "www.example.com A", "",
+";flags QR AA rcode NOERROR\n"
+";answer section\n"
+"www.example.com.	3600	IN	A	10.0.0.2\n"
+"www.example.com.	3600	IN	A	10.0.0.3\n"
+	},
+	{NULL, NULL, NULL, NULL}
+};
+
+/** number of tmpfiles */
+static int tempno = 0;
+/** number of deleted files */
+static int delno = 0;
+
+/** cleanup tmp files at exit */
+static void
+tmpfilecleanup(void)
+{
+	int i;
+	char buf[256];
+	for(i=0; i<tempno; i++) {
+		snprintf(buf, sizeof(buf), "/tmp/unbound.unittest.%u.%d",
+			(unsigned)getpid(), i);
+		if(vbmp) printf("cleanup: unlink %s\n", buf);
+		unlink(buf);
+	}
+}
+
+/** create temp file, return (malloced) name string, write contents to it */
+static char*
+create_tmp_file(const char* s)
+{
+	char buf[256];
+	char *fname;
+	FILE *out;
+	snprintf(buf, sizeof(buf), "/tmp/unbound.unittest.%u.%d",
+		(unsigned)getpid(), tempno++);
+	fname = strdup(buf);
+	if(!fname) fatal_exit("out of memory");
+	/* if no string, just make the name */
+	if(!s) return fname;
+	/* if string, write to file */
+	out = fopen(fname, "w");
+	if(!out) fatal_exit("cannot open %s: %s", fname, strerror(errno));
+	fwrite(s, strlen(s), 1, out);
+	fclose(out);
+	return fname;
+}
+
+/** delete temp file and free name string */
+static void
+del_tmp_file(char* fname)
+{
+	unlink(fname);
+	free(fname);
+	delno++;
+	if(delno == tempno) {
+		/* deleted all outstanding files, back to start condition */
+		tempno = 0;
+		delno = 0;
+	}
+}
+
+/** Add zone from file for testing */
+static struct auth_zone*
+addzone(struct auth_zones* az, const char* name, char* fname)
+{
+	struct auth_zone* z;
+	size_t nmlen;
+	uint8_t* nm = sldns_str2wire_dname(name, &nmlen);
+	if(!nm) fatal_exit("out of memory");
+	lock_rw_wrlock(&az->lock);
+	z = auth_zone_create(az, nm, nmlen, LDNS_RR_CLASS_IN);
+	lock_rw_unlock(&az->lock);
+	if(!z) fatal_exit("cannot find zone");
+	auth_zone_set_zonefile(z, fname);
+
+	if(!auth_zone_read_zonefile(z)) {
+		fatal_exit("parse failure for auth zone %s", name);
+	}
+	lock_rw_unlock(&z->lock);
+	free(nm);
+	return z;
+}
+
+/** check that file is the same as other file */
+static void
+checkfile(char* f1, char *f2)
+{
+	char buf1[10240], buf2[10240];
+	int line = 0;
+	FILE* i1, *i2;
+	i1 = fopen(f1, "r");
+	if(!i1) fatal_exit("cannot open %s: %s", f1, strerror(errno));
+	i2 = fopen(f2, "r");
+	if(!i2) fatal_exit("cannot open %s: %s", f2, strerror(errno));
+
+	while(!feof(i1) && !feof(i2)) {
+		line++;
+		fgets(buf1, sizeof(buf1), i1);
+		fgets(buf2, sizeof(buf2), i2);
+		if(strcmp(buf1, buf2) != 0) {
+			log_info("in files %s and %s:%d", f1, f2, line);
+			log_info("'%s'", buf1);
+			log_info("'%s'", buf2);
+			fatal_exit("files are not eqaul");
+		}
+	}
+	unit_assert(feof(i1) && feof(i2));
+
+	fclose(i1);
+	fclose(i2);
+}
+
+/** check that a zone (in string) can be read and reproduced */
+static void
+check_read_exact(const char* name, const char* zone)
+{
+	struct auth_zones* az;
+	struct auth_zone* z;
+	char* fname, *outf;
+	if(vbmp) printf("check read zone %s\n", name);
+	fname = create_tmp_file(zone);
+
+	az = auth_zones_create();
+	unit_assert(az);
+	z = addzone(az, name, fname);
+	unit_assert(z);
+	outf = create_tmp_file(NULL);
+	if(!auth_zone_write_file(z, outf)) {
+		fatal_exit("write file failed for %s", fname);
+	}
+	checkfile(fname, outf);
+
+	del_tmp_file(fname);
+	del_tmp_file(outf);
+	auth_zones_delete(az);
+}
+
+/** parse q_ans structure for making query */
+static void
+q_ans_parse(struct q_ans* q, struct regional* region,
+	struct query_info** qinfo, int* fallback, uint8_t** dp_nm,
+	size_t* dp_nmlen)
+{
+	int ret;
+	uint8_t buf[65535];
+	size_t len, dname_len;
+
+	/* parse flags */
+	*fallback = 0; /* default fallback value */
+	if(strstr(q->flags, "fallback"))
+		*fallback = 1;
+	
+	/* parse zone */
+	*dp_nmlen = sizeof(buf);
+	if((ret=sldns_str2wire_dname_buf(q->zone, buf, dp_nmlen))!=0)
+		fatal_exit("cannot parse query dp zone %s : %s", q->zone,
+			sldns_get_errorstr_parse(ret));
+	*dp_nm = regional_alloc_init(region, buf, *dp_nmlen);
+	if(!dp_nm) fatal_exit("out of memory");
+
+	/* parse query */
+	len = sizeof(buf);
+	dname_len = 0;
+	if((ret=sldns_str2wire_rr_question_buf(q->query, buf, &len, &dname_len,
+		*dp_nm, *dp_nmlen, NULL, 0))!=0)
+		fatal_exit("cannot parse query %s : %s", q->query,
+			sldns_get_errorstr_parse(ret));
+	*qinfo = (struct query_info*)regional_alloc_zero(region,
+		sizeof(**qinfo));
+	if(!*qinfo) fatal_exit("out of memory");
+	(*qinfo)->qname = regional_alloc_init(region, buf, dname_len);
+	if(!(*qinfo)->qname) fatal_exit("out of memory");
+	(*qinfo)->qtype = sldns_wirerr_get_type(buf, len, dname_len);
+	(*qinfo)->qclass = sldns_wirerr_get_class(buf, len, dname_len);
+}
+
+/** print flags to string */
+static void
+pr_flags(sldns_buffer* buf, uint16_t flags)
+{
+	char rcode[32];
+	sldns_buffer_printf(buf, ";flags");
+	if((flags&BIT_QR)!=0) sldns_buffer_printf(buf, " QR");
+	if((flags&BIT_AA)!=0) sldns_buffer_printf(buf, " AA");
+	if((flags&BIT_TC)!=0) sldns_buffer_printf(buf, " TC");
+	if((flags&BIT_RD)!=0) sldns_buffer_printf(buf, " RD");
+	if((flags&BIT_CD)!=0) sldns_buffer_printf(buf, " CD");
+	if((flags&BIT_RA)!=0) sldns_buffer_printf(buf, " RA");
+	if((flags&BIT_AD)!=0) sldns_buffer_printf(buf, " AD");
+	if((flags&BIT_Z)!=0) sldns_buffer_printf(buf, " Z");
+	sldns_wire2str_rcode_buf(FLAGS_GET_RCODE(flags), rcode, sizeof(rcode));
+	sldns_buffer_printf(buf, " rcode %s", rcode);
+	sldns_buffer_printf(buf, "\n");
+}
+
+/** print RRs to string */
+static void
+pr_rrs(sldns_buffer* buf, struct reply_info* rep)
+{
+	char s[65536];
+	size_t i, j;
+	struct packed_rrset_data* d;
+	log_assert(rep->rrset_count == rep->an_numrrsets + rep->ns_numrrsets
+		+ rep->ar_numrrsets);
+	for(i=0; i<rep->rrset_count; i++) {
+		/* section heading */
+		if(i == 0 && rep->an_numrrsets != 0)
+			sldns_buffer_printf(buf, ";answer section\n");
+		else if(i == rep->an_numrrsets && rep->ns_numrrsets != 0)
+			sldns_buffer_printf(buf, ";authority section\n");
+		else if(i == rep->an_numrrsets+rep->ns_numrrsets &&
+			rep->ar_numrrsets != 0)
+			sldns_buffer_printf(buf, ";additional section\n");
+		/* spool RRset */
+		d = (struct packed_rrset_data*)rep->rrsets[i]->entry.data;
+		for(j=0; j<d->count+d->rrsig_count; j++) {
+			if(!packed_rr_to_string(rep->rrsets[i], j, 0,
+				s, sizeof(s))) {
+				fatal_exit("could not rr_to_string %d",
+					(int)i);
+			}
+			sldns_buffer_printf(buf, "%s", s);
+		}
+	}
+}
+
+/** create string for message */
+static char*
+msgtostr(struct dns_msg* msg)
+{
+	char* str;
+	sldns_buffer* buf = sldns_buffer_new(65535);
+	if(!buf) fatal_exit("out of memory");
+	pr_flags(buf, msg->rep->flags);
+	pr_rrs(buf, msg->rep);
+
+	str = strdup((char*)sldns_buffer_begin(buf));
+	if(!str) fatal_exit("out of memory");
+	sldns_buffer_free(buf);
+	return str;
+}
+
+/** make q_ans query */
+static void
+q_ans_query(struct q_ans* q, struct auth_zones* az, struct query_info* qinfo,
+	struct regional* region, int expected_fallback, uint8_t* dp_nm,
+	size_t dp_nmlen)
+{
+	int ret, fallback = 0;
+	struct dns_msg* msg = NULL;
+	char* ans_str;
+	ret = auth_zones_lookup(az, qinfo, region, &msg, &fallback, dp_nm,
+		dp_nmlen);
+
+	/* check the answer */
+	ans_str = msgtostr(msg);
+	/* printout if vbmp */
+	if(vbmp) printf("got (ret=%s%s):\n%s",
+		(ret?"ok":"fail"), (fallback?" fallback":""), ans_str);
+	/* check expected value for ret */
+	/* check expected value for fallback */
+	/* check answer string */
+	free(ans_str);
+}
+
+/** check queries on a loaded zone */
+static void
+check_az_q_ans(struct auth_zones* az, struct q_ans* queries)
+{
+	struct q_ans* q;
+	struct regional* region = regional_create();
+	struct query_info* qinfo;
+	int fallback;
+	uint8_t* dp_nm;
+	size_t dp_nmlen;
+	for(q=queries; q->zone; q++) {
+		if(vbmp) printf("query %s: %s %s\n", q->zone, q->query,
+			q->flags);
+		q_ans_parse(q, region, &qinfo, &fallback, &dp_nm, &dp_nmlen);
+		q_ans_query(q, az, qinfo, region, fallback, dp_nm, dp_nmlen);
+		regional_free_all(region);
+	}
+	regional_destroy(region);
+}
+
+/** check queries for a zone are returned as specified */
+static void
+check_queries(const char* name, const char* zone, struct q_ans* queries)
+{
+	struct auth_zones* az;
+	struct auth_zone* z;
+	char* fname;
+	if(vbmp) printf("check queries %s\n", name);
+	fname = create_tmp_file(zone);
+	az = auth_zones_create();
+	if(!az) fatal_exit("out of memory");
+	z = addzone(az, name, fname);
+	if(!z) fatal_exit("could not read zone for queries test");
+	del_tmp_file(fname);
+
+	/* run queries and test them */
+	check_az_q_ans(az, queries);
+
+	auth_zones_delete(az);
+}
+
+/** Test authzone read from file */
+static void
+authzone_read_test(void)
+{
+	if(vbmp) log_info("Testing read auth zone");
+	check_read_exact("example.com", zone_example_com);
+}
+
+/** Test authzone query from zone */
+static void
+authzone_query_test(void)
+{
+	if(vbmp) log_info("Testing query auth zone");
+	check_queries("example.com", zone_example_com, example_com_queries);
+}
+
+/** test authzone code */
+void 
+authzone_test(void)
+{
+	unit_show_feature("authzone");
+	atexit(tmpfilecleanup);
+	authzone_read_test();
+	authzone_query_test();
+	/* exit(0);*/ /* DEBUG */
+}

testcode/unitmain.c

@@ -869,6 +869,7 @@ main(int argc, char* argv[])
 		fatal_exit("could not init NSS");
 #endif /* HAVE_SSL or HAVE_NSS*/
 	checklock_start();
+	authzone_test();
 	neg_test();
 	rnd_test();
 	respip_test();

testcode/unitmain.h

@@ -78,5 +78,7 @@ void ecs_test(void);
 #endif /* CLIENT_SUBNET */
 /** unit test for ldns functions */
 void ldns_test(void);
+/** unit test for auth zone functions */
+void authzone_test(void);
 
 #endif /* TESTCODE_UNITMAIN_H */

util/fptr_wlist.c

@@ -49,6 +49,7 @@
 #include "services/outside_network.h"
 #include "services/mesh.h"
 #include "services/localzone.h"
+#include "services/authzone.h"
 #include "services/cache/infra.h"
 #include "services/cache/rrset.h"
 #include "services/view.h"
@@ -212,6 +213,8 @@ fptr_whitelist_rbtree_cmp(int (*fptr) (const void *, const void *))
 	else if(fptr == &probetree_cmp) return 1;
 	else if(fptr == &replay_var_compare) return 1;
 	else if(fptr == &view_cmp) return 1;
+	else if(fptr == &auth_zone_cmp) return 1;
+	else if(fptr == &auth_data_cmp) return 1;
 	return 0;
 }