ncache.c 19.5 KB
Newer Older
Bob Halley's avatar
Bob Halley committed
1
/*
2
 * Copyright (C) 2004, 2005, 2007, 2008, 2010-2014  Internet Systems Consortium, Inc. ("ISC")
Mark Andrews's avatar
Mark Andrews committed
3
 * Copyright (C) 1999-2003  Internet Software Consortium.
4
 *
Automatic Updater's avatar
Automatic Updater committed
5
 * Permission to use, copy, modify, and/or distribute this software for any
Bob Halley's avatar
Bob Halley committed
6
7
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
8
 *
Mark Andrews's avatar
Mark Andrews committed
9
10
11
12
13
14
15
 * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
 * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
 * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
 * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
 * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
 * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 * PERFORMANCE OF THIS SOFTWARE.
Bob Halley's avatar
Bob Halley committed
16
17
 */

Mark Andrews's avatar
Mark Andrews committed
18
/* $Id$ */
19
20

/*! \file */
David Lawrence's avatar
David Lawrence committed
21

Bob Halley's avatar
Bob Halley committed
22
23
#include <config.h>

Brian Wellington's avatar
Brian Wellington committed
24
#include <isc/buffer.h>
Bob Halley's avatar
Bob Halley committed
25
#include <isc/util.h>
Bob Halley's avatar
Bob Halley committed
26
27

#include <dns/db.h>
28
29
#include <dns/message.h>
#include <dns/ncache.h>
Bob Halley's avatar
Bob Halley committed
30
31
#include <dns/rdata.h>
#include <dns/rdatalist.h>
32
#include <dns/rdataset.h>
33
34
35
#include <dns/rdatastruct.h>

#define DNS_NCACHE_RDATA 20U
Bob Halley's avatar
Bob Halley committed
36
37

/*
38
 * The format of an ncache rdata is a sequence of zero or more records of
Bob Halley's avatar
Bob Halley committed
39
40
41
42
 * the following format:
 *
 *	owner name
 *	type
43
 *	trust
Bob Halley's avatar
Bob Halley committed
44
45
46
47
48
49
 *	rdata count
 *		rdata length			These two occur 'rdata count'
 *		rdata				times.
 *
 */

50
51
52
53
54
55
static isc_result_t
addoptout(dns_message_t *message, dns_db_t *cache, dns_dbnode_t *node,
	  dns_rdatatype_t covers, isc_stdtime_t now, dns_ttl_t maxttl,
	  isc_boolean_t optout, isc_boolean_t secure,
	  dns_rdataset_t *addedrdataset);

Bob Halley's avatar
Bob Halley committed
56
57
58
59
60
static inline isc_result_t
copy_rdataset(dns_rdataset_t *rdataset, isc_buffer_t *buffer) {
	isc_result_t result;
	unsigned int count;
	isc_region_t ar, r;
61
	dns_rdata_t rdata = DNS_RDATA_INIT;
Bob Halley's avatar
Bob Halley committed
62
63
64
65

	/*
	 * Copy the rdataset count to the buffer.
	 */
66
	isc_buffer_availableregion(buffer, &ar);
Bob Halley's avatar
Bob Halley committed
67
68
69
70
71
72
73
74
75
76
77
	if (ar.length < 2)
		return (ISC_R_NOSPACE);
	count = dns_rdataset_count(rdataset);
	INSIST(count <= 65535);
	isc_buffer_putuint16(buffer, (isc_uint16_t)count);

	result = dns_rdataset_first(rdataset);
	while (result == ISC_R_SUCCESS) {
		dns_rdataset_current(rdataset, &rdata);
		dns_rdata_toregion(&rdata, &r);
		INSIST(r.length <= 65535);
78
		isc_buffer_availableregion(buffer, &ar);
Bob Halley's avatar
Bob Halley committed
79
80
81
82
83
84
85
86
87
88
89
90
		if (ar.length < 2)
			return (ISC_R_NOSPACE);
		/*
		 * Copy the rdata length to the buffer.
		 */
		isc_buffer_putuint16(buffer, (isc_uint16_t)r.length);
		/*
		 * Copy the rdata to the buffer.
		 */
		result = isc_buffer_copyregion(buffer, &r);
		if (result != ISC_R_SUCCESS)
			return (result);
91
		dns_rdata_reset(&rdata);
Bob Halley's avatar
Bob Halley committed
92
93
94
95
96
97
98
99
100
101
		result = dns_rdataset_next(rdataset);
	}
	if (result != ISC_R_NOMORE)
		return (result);

	return (ISC_R_SUCCESS);
}

isc_result_t
dns_ncache_add(dns_message_t *message, dns_db_t *cache, dns_dbnode_t *node,
102
	       dns_rdatatype_t covers, isc_stdtime_t now, dns_ttl_t maxttl,
Bob Halley's avatar
Bob Halley committed
103
	       dns_rdataset_t *addedrdataset)
104
{
105
106
	return (addoptout(message, cache, node, covers, now, maxttl,
			  ISC_FALSE, ISC_FALSE, addedrdataset));
107
108
109
110
111
112
113
}

isc_result_t
dns_ncache_addoptout(dns_message_t *message, dns_db_t *cache,
		     dns_dbnode_t *node, dns_rdatatype_t covers,
		     isc_stdtime_t now, dns_ttl_t maxttl,
		     isc_boolean_t optout, dns_rdataset_t *addedrdataset)
114
115
116
117
118
119
120
121
122
123
{
	return (addoptout(message, cache, node, covers, now, maxttl,
			  optout, ISC_TRUE, addedrdataset));
}

static isc_result_t
addoptout(dns_message_t *message, dns_db_t *cache, dns_dbnode_t *node,
	  dns_rdatatype_t covers, isc_stdtime_t now, dns_ttl_t maxttl,
	  isc_boolean_t optout, isc_boolean_t secure,
	  dns_rdataset_t *addedrdataset)
Bob Halley's avatar
Bob Halley committed
124
125
126
127
128
129
130
131
{
	isc_result_t result;
	isc_buffer_t buffer;
	isc_region_t r;
	dns_rdataset_t *rdataset;
	dns_rdatatype_t type;
	dns_name_t *name;
	dns_ttl_t ttl;
132
	dns_trust_t trust;
133
	dns_rdata_t rdata[DNS_NCACHE_RDATA];
134
135
136
	dns_rdataset_t ncrdataset;
	dns_rdatalist_t ncrdatalist;
	unsigned char data[4096];
137
	unsigned int next = 0;
Bob Halley's avatar
Bob Halley committed
138

Bob Halley's avatar
Bob Halley committed
139
140
141
142
143
144
145
	/*
	 * Convert the authority data from 'message' into a negative cache
	 * rdataset, and store it in 'cache' at 'node'.
	 */

	REQUIRE(message != NULL);

Bob Halley's avatar
Bob Halley committed
146
147
148
149
150
151
	/*
	 * We assume that all data in the authority section has been
	 * validated by the caller.
	 */

	/*
152
153
154
155
156
157
158
159
160
161
162
	 * Initialize the list.
	 */
	ncrdatalist.rdclass = dns_db_class(cache);
	ncrdatalist.type = 0;
	ncrdatalist.covers = covers;
	ncrdatalist.ttl = maxttl;
	ISC_LIST_INIT(ncrdatalist.rdata);
	ISC_LINK_INIT(&ncrdatalist, link);

	/*
	 * Build an ncache rdatas into buffer.
Bob Halley's avatar
Bob Halley committed
163
	 */
164
	ttl = maxttl;
165
	trust = 0xffff;
166
	isc_buffer_init(&buffer, data, sizeof(data));
167
168
169
170
	if (message->counts[DNS_SECTION_AUTHORITY])
		result = dns_message_firstname(message, DNS_SECTION_AUTHORITY);
	else
		result = ISC_R_NOMORE;
Bob Halley's avatar
Bob Halley committed
171
172
173
174
	while (result == ISC_R_SUCCESS) {
		name = NULL;
		dns_message_currentname(message, DNS_SECTION_AUTHORITY,
					&name);
175
		if ((name->attributes & DNS_NAMEATTR_NCACHE) != 0) {
176
177
178
179
180
181
182
			for (rdataset = ISC_LIST_HEAD(name->list);
			     rdataset != NULL;
			     rdataset = ISC_LIST_NEXT(rdataset, link)) {
				if ((rdataset->attributes &
				     DNS_RDATASETATTR_NCACHE) == 0)
					continue;
				type = rdataset->type;
183
				if (type == dns_rdatatype_rrsig)
184
185
					type = rdataset->covers;
				if (type == dns_rdatatype_soa ||
186
187
				    type == dns_rdatatype_nsec ||
				    type == dns_rdatatype_nsec3) {
188
189
					if (ttl > rdataset->ttl)
						ttl = rdataset->ttl;
190
191
					if (trust > rdataset->trust)
						trust = rdataset->trust;
192
193
194
195
196
197
198
199
200
201
202
					/*
					 * Copy the owner name to the buffer.
					 */
					dns_name_toregion(name, &r);
					result = isc_buffer_copyregion(&buffer,
								       &r);
					if (result != ISC_R_SUCCESS)
						return (result);
					/*
					 * Copy the type to the buffer.
					 */
203
204
					isc_buffer_availableregion(&buffer,
								   &r);
205
					if (r.length < 3)
206
						return (ISC_R_NOSPACE);
207
208
					isc_buffer_putuint16(&buffer,
							     rdataset->type);
209
					isc_buffer_putuint8(&buffer,
210
					       (unsigned char)rdataset->trust);
211
212
213
214
215
216
217
					/*
					 * Copy the rdataset into the buffer.
					 */
					result = copy_rdataset(rdataset,
							       &buffer);
					if (result != ISC_R_SUCCESS)
						return (result);
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232

					if (next >= DNS_NCACHE_RDATA)
						return (ISC_R_NOSPACE);
					dns_rdata_init(&rdata[next]);
					isc_buffer_remainingregion(&buffer, &r);
					rdata[next].data = r.base;
					rdata[next].length = r.length;
					rdata[next].rdclass =
						ncrdatalist.rdclass;
					rdata[next].type = 0;
					rdata[next].flags = 0;
					ISC_LIST_APPEND(ncrdatalist.rdata,
							&rdata[next], link);
					isc_buffer_forward(&buffer, r.length);
					next++;
233
				}
Bob Halley's avatar
Bob Halley committed
234
235
236
237
238
239
240
			}
		}
		result = dns_message_nextname(message, DNS_SECTION_AUTHORITY);
	}
	if (result != ISC_R_NOMORE)
		return (result);

241
242
243
244
245
246
247
248
249
250
	if (trust == 0xffff) {
		if ((message->flags & DNS_MESSAGEFLAG_AA) != 0 &&
		    message->counts[DNS_SECTION_ANSWER] == 0) {
			/*
			 * The response has aa set and we haven't followed
			 * any CNAME or DNAME chains.
			 */
			trust = dns_trust_authauthority;
		} else
			trust = dns_trust_additional;
251
		ttl = 0;
252
253
	}

254
	INSIST(trust != 0xffff);
Bob Halley's avatar
Bob Halley committed
255

256
	ncrdatalist.ttl = ttl;
Bob Halley's avatar
Bob Halley committed
257
258

	dns_rdataset_init(&ncrdataset);
259
260
	RUNTIME_CHECK(dns_rdatalist_tordataset(&ncrdatalist, &ncrdataset)
		      == ISC_R_SUCCESS);
261
262
	if (!secure && trust > dns_trust_answer)
		trust = dns_trust_answer;
263
	ncrdataset.trust = trust;
264
	ncrdataset.attributes |= DNS_RDATASETATTR_NEGATIVE;
265
266
	if (message->rcode == dns_rcode_nxdomain)
		ncrdataset.attributes |= DNS_RDATASETATTR_NXDOMAIN;
267
268
	if (optout)
		ncrdataset.attributes |= DNS_RDATASETATTR_OPTOUT;
Bob Halley's avatar
Bob Halley committed
269

270
	return (dns_db_addrdataset(cache, node, NULL, now, &ncrdataset,
271
				   0, addedrdataset));
Bob Halley's avatar
Bob Halley committed
272
273
274
275
}

isc_result_t
dns_ncache_towire(dns_rdataset_t *rdataset, dns_compress_t *cctx,
276
		  isc_buffer_t *target, unsigned int options,
277
		  unsigned int *countp)
Bob Halley's avatar
Bob Halley committed
278
{
279
	dns_rdata_t rdata = DNS_RDATA_INIT;
Bob Halley's avatar
Bob Halley committed
280
	isc_result_t result;
281
	isc_region_t remaining, tavailable;
Bob Halley's avatar
Bob Halley committed
282
283
284
285
286
287
288
289
290
291
292
	isc_buffer_t source, savedbuffer, rdlen;
	dns_name_t name;
	dns_rdatatype_t type;
	unsigned int i, rcount, count;

	/*
	 * Convert the negative caching rdataset 'rdataset' to wire format,
	 * compressing names as specified in 'cctx', and storing the result in
	 * 'target'.
	 */

293
	REQUIRE(rdataset != NULL);
Bob Halley's avatar
Bob Halley committed
294
	REQUIRE(rdataset->type == 0);
295
	REQUIRE((rdataset->attributes & DNS_RDATASETATTR_NEGATIVE) != 0);
Bob Halley's avatar
Bob Halley committed
296

Bob Halley's avatar
Bob Halley committed
297
298
	savedbuffer = *target;
	count = 0;
299
300
301
302
303
304

	result = dns_rdataset_first(rdataset);
	while (result == ISC_R_SUCCESS) {
		dns_rdataset_current(rdataset, &rdata);
		isc_buffer_init(&source, rdata.data, rdata.length);
		isc_buffer_add(&source, rdata.length);
Bob Halley's avatar
Bob Halley committed
305
		dns_name_init(&name, NULL);
306
		isc_buffer_remainingregion(&source, &remaining);
Bob Halley's avatar
Bob Halley committed
307
308
309
310
311
		dns_name_fromregion(&name, &remaining);
		INSIST(remaining.length >= name.length);
		isc_buffer_forward(&source, name.length);
		remaining.length -= name.length;

312
		INSIST(remaining.length >= 5);
Bob Halley's avatar
Bob Halley committed
313
		type = isc_buffer_getuint16(&source);
314
		isc_buffer_forward(&source, 1);
Bob Halley's avatar
Bob Halley committed
315
		rcount = isc_buffer_getuint16(&source);
Bob Halley's avatar
Bob Halley committed
316

Bob Halley's avatar
Bob Halley committed
317
318
319
320
321
		for (i = 0; i < rcount; i++) {
			/*
			 * Get the length of this rdata and set up an
			 * rdata structure for it.
			 */
322
			isc_buffer_remainingregion(&source, &remaining);
Bob Halley's avatar
Bob Halley committed
323
			INSIST(remaining.length >= 2);
324
			dns_rdata_reset(&rdata);
Bob Halley's avatar
Bob Halley committed
325
			rdata.length = isc_buffer_getuint16(&source);
326
			isc_buffer_remainingregion(&source, &remaining);
Bob Halley's avatar
Bob Halley committed
327
328
329
330
331
332
			rdata.data = remaining.base;
			rdata.type = type;
			rdata.rdclass = rdataset->rdclass;
			INSIST(remaining.length >= rdata.length);
			isc_buffer_forward(&source, rdata.length);

333
334
			if ((options & DNS_NCACHETOWIRE_OMITDNSSEC) != 0 &&
			    dns_rdatatype_isdnssec(type))
335
336
				continue;

Bob Halley's avatar
Bob Halley committed
337
338
339
			/*
			 * Write the name.
			 */
340
			dns_compress_setmethods(cctx, DNS_COMPRESS_GLOBAL14);
Bob Halley's avatar
Bob Halley committed
341
			result = dns_name_towire(&name, cctx, target);
342
			if (result != ISC_R_SUCCESS)
Bob Halley's avatar
Bob Halley committed
343
344
345
346
347
348
				goto rollback;

			/*
			 * See if we have space for type, class, ttl, and
			 * rdata length.  Write the type, class, and ttl.
			 */
349
350
			isc_buffer_availableregion(target, &tavailable);
			if (tavailable.length < 10) {
Bob Halley's avatar
Bob Halley committed
351
352
353
354
355
356
357
358
359
360
361
362
				result = ISC_R_NOSPACE;
				goto rollback;
			}
			isc_buffer_putuint16(target, type);
			isc_buffer_putuint16(target, rdataset->rdclass);
			isc_buffer_putuint32(target, rdataset->ttl);

			/*
			 * Save space for rdata length.
			 */
			rdlen = *target;
			isc_buffer_add(target, 2);
363

Bob Halley's avatar
Bob Halley committed
364
365
366
367
			/*
			 * Write the rdata.
			 */
			result = dns_rdata_towire(&rdata, cctx, target);
368
			if (result != ISC_R_SUCCESS)
Bob Halley's avatar
Bob Halley committed
369
370
371
372
373
374
				goto rollback;

			/*
			 * Set the rdata length field to the compressed
			 * length.
			 */
375
376
			INSIST((target->used >= rdlen.used + 2) &&
			       (target->used - rdlen.used - 2 < 65536));
Bob Halley's avatar
Bob Halley committed
377
			isc_buffer_putuint16(&rdlen,
378
379
					     (isc_uint16_t)(target->used -
							    rdlen.used - 2));
Bob Halley's avatar
Bob Halley committed
380
381
382

			count++;
		}
383
384
385
386
387
388
		INSIST(isc_buffer_remaininglength(&source) == 0);
		result = dns_rdataset_next(rdataset);
		dns_rdata_reset(&rdata);
	}
	if (result != ISC_R_NOMORE)
		goto rollback;
Bob Halley's avatar
Bob Halley committed
389
390

	*countp = count;
391

Bob Halley's avatar
Bob Halley committed
392
393
394
	return (ISC_R_SUCCESS);

 rollback:
395
396
	INSIST(savedbuffer.used < 65536);
	dns_compress_rollback(cctx, (isc_uint16_t)savedbuffer.used);
Bob Halley's avatar
Bob Halley committed
397
398
399
400
	*countp = 0;
	*target = savedbuffer;

	return (result);
Bob Halley's avatar
Bob Halley committed
401
}
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419

static void
rdataset_disassociate(dns_rdataset_t *rdataset) {
	UNUSED(rdataset);
}

static isc_result_t
rdataset_first(dns_rdataset_t *rdataset) {
	unsigned char *raw = rdataset->private3;
	unsigned int count;

	count = raw[0] * 256 + raw[1];
	if (count == 0) {
		rdataset->private5 = NULL;
		return (ISC_R_NOMORE);
	}
	raw += 2;
	/*
420
	 * The privateuint4 field is the number of rdata beyond the cursor
421
422
423
424
	 * position, so we decrement the total count by one before storing
	 * it.
	 */
	count--;
425
	rdataset->privateuint4 = count;
426
427
428
429
430
431
432
433
434
435
436
	rdataset->private5 = raw;

	return (ISC_R_SUCCESS);
}

static isc_result_t
rdataset_next(dns_rdataset_t *rdataset) {
	unsigned int count;
	unsigned int length;
	unsigned char *raw;

437
	count = rdataset->privateuint4;
438
439
440
	if (count == 0)
		return (ISC_R_NOMORE);
	count--;
441
	rdataset->privateuint4 = count;
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
	raw = rdataset->private5;
	length = raw[0] * 256 + raw[1];
	raw += length + 2;
	rdataset->private5 = raw;

	return (ISC_R_SUCCESS);
}

static void
rdataset_current(dns_rdataset_t *rdataset, dns_rdata_t *rdata) {
	unsigned char *raw = rdataset->private5;
	isc_region_t r;

	REQUIRE(raw != NULL);

	r.length = raw[0] * 256 + raw[1];
	raw += 2;
	r.base = raw;
	dns_rdata_fromregion(rdata, rdataset->rdclass, rdataset->type, &r);
}

static void
rdataset_clone(dns_rdataset_t *source, dns_rdataset_t *target) {
	*target = *source;

	/*
	 * Reset iterator state.
	 */
470
	target->privateuint4 = 0;
471
472
473
474
475
476
477
478
479
480
481
482
483
	target->private5 = NULL;
}

static unsigned int
rdataset_count(dns_rdataset_t *rdataset) {
	unsigned char *raw = rdataset->private3;
	unsigned int count;

	count = raw[0] * 256 + raw[1];

	return (count);
}

484
485
486
487
static void
rdataset_settrust(dns_rdataset_t *rdataset, dns_trust_t trust) {
	unsigned char *raw = rdataset->private3;

488
	raw[-1] = (unsigned char)trust;
489
490
}

491
492
493
494
495
496
static dns_rdatasetmethods_t rdataset_methods = {
	rdataset_disassociate,
	rdataset_first,
	rdataset_next,
	rdataset_current,
	rdataset_clone,
497
498
	rdataset_count,
	NULL,
499
500
501
	NULL,
	NULL,
	NULL,
502
503
	NULL,
	NULL,
504
	NULL,
505
	rdataset_settrust,
506
	NULL,
507
	NULL
508
509
510
511
512
513
514
515
516
517
518
519
};

isc_result_t
dns_ncache_getrdataset(dns_rdataset_t *ncacherdataset, dns_name_t *name,
		       dns_rdatatype_t type, dns_rdataset_t *rdataset)
{
	isc_result_t result;
	dns_rdata_t rdata = DNS_RDATA_INIT;
	isc_region_t remaining;
	isc_buffer_t source;
	dns_name_t tname;
	dns_rdatatype_t ttype;
520
521
	dns_trust_t trust = dns_trust_none;
	dns_rdataset_t clone;
522
523
524

	REQUIRE(ncacherdataset != NULL);
	REQUIRE(ncacherdataset->type == 0);
525
	REQUIRE((ncacherdataset->attributes & DNS_RDATASETATTR_NEGATIVE) != 0);
526
527
	REQUIRE(name != NULL);
	REQUIRE(!dns_rdataset_isassociated(rdataset));
528
	REQUIRE(type != dns_rdatatype_rrsig);
529

530
531
532
	dns_rdataset_init(&clone);
	dns_rdataset_clone(ncacherdataset, &clone);
	result = dns_rdataset_first(&clone);
533
	while (result == ISC_R_SUCCESS) {
534
		dns_rdataset_current(&clone, &rdata);
535
536
		isc_buffer_init(&source, rdata.data, rdata.length);
		isc_buffer_add(&source, rdata.length);
537
538
539
540
541
542
543
		dns_name_init(&tname, NULL);
		isc_buffer_remainingregion(&source, &remaining);
		dns_name_fromregion(&tname, &remaining);
		INSIST(remaining.length >= tname.length);
		isc_buffer_forward(&source, tname.length);
		remaining.length -= tname.length;

544
		INSIST(remaining.length >= 3);
545
546
547
		ttype = isc_buffer_getuint16(&source);

		if (ttype == type && dns_name_equal(&tname, name)) {
548
549
			trust = isc_buffer_getuint8(&source);
			INSIST(trust <= dns_trust_ultimate);
550
551
552
			isc_buffer_remainingregion(&source, &remaining);
			break;
		}
553
		result = dns_rdataset_next(&clone);
554
555
		dns_rdata_reset(&rdata);
	}
556
	dns_rdataset_disassociate(&clone);
557
	if (result == ISC_R_NOMORE)
558
		return (ISC_R_NOTFOUND);
559
560
561
562
	if (result != ISC_R_SUCCESS)
		return (result);

	INSIST(remaining.length != 0);
563
564
565
566
567
568

	rdataset->methods = &rdataset_methods;
	rdataset->rdclass = ncacherdataset->rdclass;
	rdataset->type = type;
	rdataset->covers = 0;
	rdataset->ttl = ncacherdataset->ttl;
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
	rdataset->trust = trust;
	rdataset->private1 = NULL;
	rdataset->private2 = NULL;

	rdataset->private3 = remaining.base;

	/*
	 * Reset iterator state.
	 */
	rdataset->privateuint4 = 0;
	rdataset->private5 = NULL;
	rdataset->private6 = NULL;
	return (ISC_R_SUCCESS);
}

isc_result_t
dns_ncache_getsigrdataset(dns_rdataset_t *ncacherdataset, dns_name_t *name,
Automatic Updater's avatar
Automatic Updater committed
586
			  dns_rdatatype_t covers, dns_rdataset_t *rdataset)
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
{
	dns_name_t tname;
	dns_rdata_rrsig_t rrsig;
	dns_rdata_t rdata = DNS_RDATA_INIT;
	dns_rdataset_t clone;
	dns_rdatatype_t type;
	dns_trust_t trust = dns_trust_none;
	isc_buffer_t source;
	isc_region_t remaining, sigregion;
	isc_result_t result;
	unsigned char *raw;
	unsigned int count;

	REQUIRE(ncacherdataset != NULL);
	REQUIRE(ncacherdataset->type == 0);
602
	REQUIRE((ncacherdataset->attributes & DNS_RDATASETATTR_NEGATIVE) != 0);
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
	REQUIRE(name != NULL);
	REQUIRE(!dns_rdataset_isassociated(rdataset));

	dns_rdataset_init(&clone);
	dns_rdataset_clone(ncacherdataset, &clone);
	result = dns_rdataset_first(&clone);
	while (result == ISC_R_SUCCESS) {
		dns_rdataset_current(&clone, &rdata);
		isc_buffer_init(&source, rdata.data, rdata.length);
		isc_buffer_add(&source, rdata.length);
		dns_name_init(&tname, NULL);
		isc_buffer_remainingregion(&source, &remaining);
		dns_name_fromregion(&tname, &remaining);
		INSIST(remaining.length >= tname.length);
		isc_buffer_forward(&source, tname.length);
		remaining.length -= tname.length;
		remaining.base += tname.length;

		INSIST(remaining.length >= 2);
		type = isc_buffer_getuint16(&source);
		remaining.length -= 2;
		remaining.base += 2;

		if (type != dns_rdatatype_rrsig ||
		    !dns_name_equal(&tname, name)) {
			result = dns_rdataset_next(&clone);
			dns_rdata_reset(&rdata);
			continue;
		}

		INSIST(remaining.length >= 1);
		trust = isc_buffer_getuint8(&source);
		INSIST(trust <= dns_trust_ultimate);
		remaining.length -= 1;
		remaining.base += 1;

		raw = remaining.base;
		count = raw[0] * 256 + raw[1];
		INSIST(count > 0);
		raw += 2;
		sigregion.length = raw[0] * 256 + raw[1];
		raw += 2;
		sigregion.base = raw;
		dns_rdata_reset(&rdata);
		dns_rdata_fromregion(&rdata, rdataset->rdclass,
				     dns_rdatatype_rrsig, &sigregion);
		(void)dns_rdata_tostruct(&rdata, &rrsig, NULL);
		if (rrsig.covered == covers) {
			isc_buffer_remainingregion(&source, &remaining);
			break;
		}

		result = dns_rdataset_next(&clone);
		dns_rdata_reset(&rdata);
	}
	dns_rdataset_disassociate(&clone);
	if (result == ISC_R_NOMORE)
		return (ISC_R_NOTFOUND);
	if (result != ISC_R_SUCCESS)
		return (result);

	INSIST(remaining.length != 0);

	rdataset->methods = &rdataset_methods;
	rdataset->rdclass = ncacherdataset->rdclass;
	rdataset->type = dns_rdatatype_rrsig;
	rdataset->covers = covers;
	rdataset->ttl = ncacherdataset->ttl;
	rdataset->trust = trust;
672
673
674
675
676
677
678
679
	rdataset->private1 = NULL;
	rdataset->private2 = NULL;

	rdataset->private3 = remaining.base;

	/*
	 * Reset iterator state.
	 */
680
	rdataset->privateuint4 = 0;
681
	rdataset->private5 = NULL;
682
	rdataset->private6 = NULL;
683
684
	return (ISC_R_SUCCESS);
}
685
686
687
688
689
690

void
dns_ncache_current(dns_rdataset_t *ncacherdataset, dns_name_t *found,
		   dns_rdataset_t *rdataset)
{
	dns_rdata_t rdata = DNS_RDATA_INIT;
691
	dns_trust_t trust;
692
693
694
695
696
697
698
699
700
701
	isc_region_t remaining, sigregion;
	isc_buffer_t source;
	dns_name_t tname;
	dns_rdatatype_t type;
	unsigned int count;
	dns_rdata_rrsig_t rrsig;
	unsigned char *raw;

	REQUIRE(ncacherdataset != NULL);
	REQUIRE(ncacherdataset->type == 0);
702
	REQUIRE((ncacherdataset->attributes & DNS_RDATASETATTR_NEGATIVE) != 0);
703
704
705
706
707
708
709
710
711
712
713
714
715
716
	REQUIRE(found != NULL);
	REQUIRE(!dns_rdataset_isassociated(rdataset));

	dns_rdataset_current(ncacherdataset, &rdata);
	isc_buffer_init(&source, rdata.data, rdata.length);
	isc_buffer_add(&source, rdata.length);

	dns_name_init(&tname, NULL);
	isc_buffer_remainingregion(&source, &remaining);
	dns_name_fromregion(found, &remaining);
	INSIST(remaining.length >= found->length);
	isc_buffer_forward(&source, found->length);
	remaining.length -= found->length;

717
	INSIST(remaining.length >= 5);
718
	type = isc_buffer_getuint16(&source);
719
720
	trust = isc_buffer_getuint8(&source);
	INSIST(trust <= dns_trust_ultimate);
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
	isc_buffer_remainingregion(&source, &remaining);

	rdataset->methods = &rdataset_methods;
	rdataset->rdclass = ncacherdataset->rdclass;
	rdataset->type = type;
	if (type == dns_rdatatype_rrsig) {
		/*
		 * Extract covers from RRSIG.
		 */
		raw = remaining.base;
		count = raw[0] * 256 + raw[1];
		INSIST(count > 0);
		raw += 2;
		sigregion.length = raw[0] * 256 + raw[1];
		raw += 2;
		sigregion.base = raw;
		dns_rdata_reset(&rdata);
		dns_rdata_fromregion(&rdata, rdataset->rdclass,
				     rdataset->type, &sigregion);
		(void)dns_rdata_tostruct(&rdata, &rrsig, NULL);
		rdataset->covers = rrsig.covered;
	} else
		rdataset->covers = 0;
	rdataset->ttl = ncacherdataset->ttl;
745
	rdataset->trust = trust;
746
747
748
749
750
751
752
753
754
755
756
757
	rdataset->private1 = NULL;
	rdataset->private2 = NULL;

	rdataset->private3 = remaining.base;

	/*
	 * Reset iterator state.
	 */
	rdataset->privateuint4 = 0;
	rdataset->private5 = NULL;
	rdataset->private6 = NULL;
}