Commit 95862a62 authored by Ondřej Surý's avatar Ondřej Surý

Add DbC checks for locked zone on dns_zone_t member access

parent ebfb0f73
Pipeline #35197 failed with stages
in 82 minutes and 20 seconds
......@@ -166,7 +166,8 @@ typedef struct dns_include dns_include_t;
(z)->locked = false; \
UNLOCK(&(z)->lock); \
} while (0)
#define LOCKED_ZONE(z) ((z)->locked)
#define LOCKED_ZONE(z) (DNS_ZONE_VALID(z) && (z)->locked)
#define UNLOCKED_ZONE(z) !LOCKED_ZONE(z)
#define TRYLOCK_ZONE(result, z) \
do { \
result = isc_mutex_trylock(&(z)->lock); \
......@@ -1340,7 +1341,8 @@ zone_free(dns_zone_t *zone) {
*/
static inline bool
inline_secure(dns_zone_t *zone) {
REQUIRE(DNS_ZONE_VALID(zone));
REQUIRE(LOCKED_ZONE(zone));
if (zone->raw != NULL) {
return (true);
}
......@@ -1353,7 +1355,8 @@ inline_secure(dns_zone_t *zone) {
*/
static inline bool
inline_raw(dns_zone_t *zone) {
REQUIRE(DNS_ZONE_VALID(zone));
REQUIRE(LOCKED_ZONE(zone));
if (zone->secure != NULL) {
return (true);
}
......@@ -1549,6 +1552,8 @@ static void
dns_zone_setview_helper(dns_zone_t *zone, dns_view_t *view) {
char namebuf[1024];
REQUIRE(LOCKED_ZONE(zone));
if (zone->prev_view == NULL && zone->view != NULL) {
dns_view_weakattach(zone->view, &zone->prev_view);
}
......@@ -1654,6 +1659,8 @@ static isc_result_t
dns_zone_setstring(dns_zone_t *zone, char **field, const char *value) {
char *copy;
REQUIRE(LOCKED_ZONE(zone));
if (value != NULL) {
copy = isc_mem_strdup(zone->mctx, value);
} else {
......@@ -1746,7 +1753,6 @@ default_journal(dns_zone_t *zone) {
isc_result_t result;
char *journal;
REQUIRE(DNS_ZONE_VALID(zone));
REQUIRE(LOCKED_ZONE(zone));
if (zone->masterfile != NULL) {
......@@ -1955,7 +1961,7 @@ zone_touched(dns_zone_t *zone) {
isc_time_t modtime;
dns_include_t *include;
REQUIRE(DNS_ZONE_VALID(zone));
REQUIRE(LOCKED_ZONE(zone));
result = isc_file_getmodtime(zone->masterfile, &modtime);
if (result != ISC_R_SUCCESS ||
......@@ -2450,6 +2456,8 @@ zone_registerinclude(const char *filename, void *arg) {
return;
}
REQUIRE(LOCKED_ZONE(zone));
/*
* Suppress duplicates.
*/
......@@ -2489,6 +2497,7 @@ zone_gotreadhandle(isc_task_t *task, isc_event_t *event) {
goto fail;
}
REQUIRE(LOCKED_ZONE(load->zone));
options = get_master_options(load->zone);
result = dns_master_loadfileinc(
......@@ -2513,7 +2522,7 @@ get_raw_serial(dns_zone_t *raw, dns_masterrawheader_t *rawdata) {
isc_result_t result;
unsigned int soacount;
LOCK(&raw->lock);
LOCK_ZONE(raw);
if (raw->db != NULL) {
result = zone_get_from_db(raw, raw->db, NULL, &soacount,
&rawdata->sourceserial, NULL, NULL,
......@@ -2522,7 +2531,7 @@ get_raw_serial(dns_zone_t *raw, dns_masterrawheader_t *rawdata) {
rawdata->flags |= DNS_MASTERRAW_SOURCESERIALSET;
}
}
UNLOCK(&raw->lock);
UNLOCK_ZONE(raw);
}
static void
......@@ -2594,6 +2603,8 @@ zone_setrawdata(dns_zone_t *zone, dns_masterrawheader_t *header) {
return;
}
REQUIRE(LOCKED_ZONE(zone));
zone->sourceserial = header->sourceserial;
zone->sourceserialset = true;
}
......@@ -2617,6 +2628,8 @@ zone_startload(dns_db_t *db, dns_zone_t *zone, isc_time_t loadtime) {
isc_result_t tresult;
unsigned int options;
REQUIRE(LOCKED_ZONE(zone));
ENTER;
dns_zone_rpz_enable_db(zone, db);
......@@ -2714,6 +2727,8 @@ zone_check_mx(dns_zone_t *zone, dns_db_t *db, dns_name_t *name,
dns_name_t *foundname;
int level;
REQUIRE(LOCKED_ZONE(zone));
/*
* "." means the services does not exist.
*/
......@@ -2815,6 +2830,8 @@ zone_check_srv(dns_zone_t *zone, dns_db_t *db, dns_name_t *name,
dns_name_t *foundname;
int level;
REQUIRE(LOCKED_ZONE(zone));
/*
* "." means the services does not exist.
*/
......@@ -2917,6 +2934,8 @@ zone_check_glue(dns_zone_t *zone, dns_db_t *db, dns_name_t *name,
dns_rdataset_t aaaa;
int level;
REQUIRE(LOCKED_ZONE(zone));
/*
* Outside of zone.
*/
......@@ -3066,6 +3085,8 @@ zone_rrset_check_dup(dns_zone_t *zone, dns_name_t *owner,
char typebuf[DNS_RDATATYPE_FORMATSIZE];
unsigned int count1 = 0;
REQUIRE(LOCKED_ZONE(zone));
if (DNS_ZONE_OPTION(zone, DNS_ZONEOPT_CHECKDUPRRFAIL)) {
level = ISC_LOG_ERROR;
}
......@@ -3128,6 +3149,8 @@ zone_check_dup(dns_zone_t *zone, dns_db_t *db) {
bool ok = true;
isc_result_t result;
REQUIRE(LOCKED_ZONE(zone));
name = dns_fixedname_initname(&fixed);
dns_rdataset_init(&rdataset);
......@@ -3218,6 +3241,8 @@ integrity_checks(dns_zone_t *zone, dns_db_t *db) {
isc_result_t result;
bool ok = true, have_spf, have_txt;
REQUIRE(LOCKED_ZONE(zone));
name = dns_fixedname_initname(&fixed);
bottom = dns_fixedname_initname(&fixedbottom);
dns_rdataset_init(&rdataset);
......@@ -3403,6 +3428,8 @@ zone_check_dnskeys(dns_zone_t *zone, dns_db_t *db) {
dns_rdataset_t rdataset;
isc_result_t result;
REQUIRE(LOCKED_ZONE(zone));
result = dns_db_findnode(db, &zone->origin, false, &node);
if (result != ISC_R_SUCCESS) {
goto cleanup;
......@@ -3498,6 +3525,8 @@ resume_signingwithkey(dns_zone_t *zone) {
isc_result_t result;
dns_db_t *db = NULL;
REQUIRE(LOCKED_ZONE(zone));
ZONEDB_LOCK(&zone->dblock, isc_rwlocktype_read);
if (zone->db != NULL) {
dns_db_attach(zone->db, &db);
......@@ -3573,6 +3602,8 @@ zone_addnsec3chain(dns_zone_t *zone, dns_rdata_nsec3param_t *nsec3param) {
char flags[sizeof("INITIAL|REMOVE|CREATE|NONSEC|OPTOUT")];
dns_db_t *db = NULL;
REQUIRE(LOCKED_ZONE(zone));
ZONEDB_LOCK(&zone->dblock, isc_rwlocktype_read);
if (zone->db != NULL) {
dns_db_attach(zone->db, &db);
......@@ -3756,7 +3787,7 @@ resume_addnsec3chain(dns_zone_t *zone) {
bool nseconly = false, nsec3ok = false;
dns_db_t *db = NULL;
INSIST(LOCKED_ZONE(zone));
REQUIRE(LOCKED_ZONE(zone));
if (zone->privatetype == 0) {
return;
......@@ -3854,6 +3885,8 @@ set_resigntime(dns_zone_t *zone) {
uint32_t nanosecs;
dns_db_t *db = NULL;
REQUIRE(LOCKED_ZONE(zone));
/* We only re-sign zones that can be dynamically updated */
if (zone->update_disabled) {
return;
......@@ -3911,6 +3944,8 @@ check_nsec3param(dns_zone_t *zone, dns_db_t *db) {
: false;
dynamic = dynamic || dns_zone_getkasp(zone);
REQUIRE(LOCKED_ZONE(zone));
dns_rdataset_init(&rdataset);
result = dns_db_findnode(db, &zone->origin, false, &node);
if (result != ISC_R_SUCCESS) {
......@@ -4009,6 +4044,8 @@ set_refreshkeytimer(dns_zone_t *zone, dns_rdata_keydata_t *key,
isc_time_t timenow, timethen;
char timebuf[80];
REQUIRE(LOCKED_ZONE(zone));
ENTER;
then = key->refresh;
if (force) {
......@@ -4059,6 +4096,8 @@ create_keydata(dns_zone_t *zone, dns_db_t *db, dns_dbversion_t *ver,
isc_buffer_t rrdatabuf;
isc_stdtime_t now;
REQUIRE(LOCKED_ZONE(zone));
REQUIRE(keynode != NULL);
ENTER;
......@@ -4156,6 +4195,8 @@ trust_key(dns_zone_t *zone, dns_name_t *keyname, dns_rdata_dnskey_t *dnskey,
dns_keytable_t *sr = NULL;
dns_rdata_ds_t ds;
REQUIRE(LOCKED_ZONE(zone));
result = dns_view_getsecroots(zone->view, &sr);
if (result != ISC_R_SUCCESS) {
return;
......@@ -4187,6 +4228,8 @@ fail_secure(dns_zone_t *zone, dns_name_t *keyname) {
isc_result_t result;
dns_keytable_t *sr = NULL;
REQUIRE(LOCKED_ZONE(zone));
result = dns_view_getsecroots(zone->view, &sr);
if (result == ISC_R_SUCCESS) {
dns_keytable_marksecure(sr, keyname);
......@@ -4208,6 +4251,8 @@ load_secroots(dns_zone_t *zone, dns_name_t *name, dns_rdataset_t *rdataset) {
isc_stdtime_t now;
dns_keytable_t *sr = NULL;
REQUIRE(LOCKED_ZONE(zone));
isc_stdtime_get(&now);
result = dns_view_getsecroots(zone->view, &sr);
......@@ -4359,6 +4404,8 @@ zone_journal(dns_zone_t *zone, dns_diff_t *diff, uint32_t *sourceserial,
dns_journal_t *journal = NULL;
unsigned int mode = DNS_JOURNAL_CREATE | DNS_JOURNAL_WRITE;
REQUIRE(LOCKED_ZONE(zone));
ENTER;
journalfile = dns_zone_getjournal(zone);
if (journalfile != NULL) {
......@@ -4398,6 +4445,8 @@ add_soa(dns_zone_t *zone, dns_db_t *db) {
dns_dbversion_t *ver = NULL;
dns_diff_t diff;
REQUIRE(LOCKED_ZONE(zone));
dns_zone_log(zone, ISC_LOG_DEBUG(1), "creating SOA");
dns_diff_init(zone->mctx, &diff);
......@@ -4515,6 +4564,8 @@ sync_keyzone(dns_zone_t *zone, dns_db_t *db) {
dns_rriterator_t rrit;
struct addifmissing_arg arg;
REQUIRE(LOCKED_ZONE(zone));
dns_zone_log(zone, ISC_LOG_DEBUG(1), "synchronizing trusted keys");
dns_diff_init(zone->mctx, &diff);
......@@ -4643,6 +4694,8 @@ static void
maybe_send_secure(dns_zone_t *zone) {
isc_result_t result;
REQUIRE(LOCKED_ZONE(zone));
/*
* We've finished loading, or else failed to load, an inline-signing
* 'secure' zone. We now need information about the status of the
......@@ -4706,9 +4759,10 @@ zone_postload(dns_zone_t *zone, dns_db_t *db, isc_time_t loadtime,
dns_include_t *inc;
bool is_dynamic = false;
INSIST(LOCKED_ZONE(zone));
REQUIRE(LOCKED_ZONE(zone));
if (inline_raw(zone)) {
INSIST(LOCKED_ZONE(zone->secure));
REQUIRE(LOCKED_ZONE(zone->secure));
}
TIME_NOW(&now);
......@@ -5313,6 +5367,8 @@ zone_check_ns(dns_zone_t *zone, dns_db_t *db, dns_dbversion_t *version,
dns_name_t *foundname;
int level;
REQUIRE(LOCKED_ZONE(zone));
if (DNS_ZONE_OPTION(zone, DNS_ZONEOPT_NOCHECKNS)) {
return (true);
}
......@@ -5389,6 +5445,8 @@ zone_count_ns_rr(dns_zone_t *zone, dns_db_t *db, dns_dbnode_t *node,
dns_rdata_t rdata;
dns_rdata_ns_t ns;
REQUIRE(LOCKED_ZONE(zone));
dns_rdataset_init(&rdataset);
result = dns_db_findrdataset(db, node, version, dns_rdatatype_ns,
dns_rdatatype_none, 0, &rdataset, NULL);
......@@ -5559,7 +5617,7 @@ zone_get_from_db(dns_zone_t *zone, dns_db_t *db, unsigned int *nscount,
dns_dbnode_t *node;
REQUIRE(db != NULL);
REQUIRE(zone != NULL);
REQUIRE(LOCKED_ZONE(zone));
dns_db_currentversion(db, &version);
......@@ -5694,7 +5752,6 @@ dns_zone_iattach(dns_zone_t *source, dns_zone_t **target) {
static void
zone_iattach(dns_zone_t *source, dns_zone_t **target) {
REQUIRE(DNS_ZONE_VALID(source));
REQUIRE(LOCKED_ZONE(source));
REQUIRE(target != NULL && *target == NULL);
INSIST(isc_refcount_increment0(&source->irefs) +
......@@ -5782,9 +5839,15 @@ dns_zone_setkasp(dns_zone_t *zone, dns_kasp_t *kasp) {
dns_kasp_t *
dns_zone_getkasp(dns_zone_t *zone) {
dns_kasp_t *kasp;
REQUIRE(DNS_ZONE_VALID(zone));
return (zone->kasp);
LOCK_ZONE(zone);
kasp = zone->kasp;
UNLOCK_ZONE(zone);
return (kasp);
}
void
......@@ -6436,6 +6499,8 @@ set_key_expiry_warning(dns_zone_t *zone, isc_stdtime_t when,
unsigned int delta;
char timebuf[80];
REQUIRE(LOCKED_ZONE(zone));
zone->key_expiry = when;
if (when <= now) {
dns_zone_log(zone, ISC_LOG_ERROR,
......@@ -6553,6 +6618,8 @@ del_sigs(dns_zone_t *zone, dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name,
bool found;
int64_t timewarn = 0, timemaybe = 0;
REQUIRE(LOCKED_ZONE(zone));
dns_rdataset_init(&rdataset);
if (type == dns_rdatatype_nsec3) {
......@@ -6957,6 +7024,8 @@ zone_resigninc(dns_zone_t *zone) {
unsigned int nkeys = 0;
unsigned int resign;
REQUIRE(LOCKED_ZONE(zone));
ENTER;
dns_rdataset_init(&rdataset);
......@@ -7579,6 +7648,8 @@ updatesignwithkey(dns_zone_t *zone, dns_signing_t *signing,
bool seen_done = false;
bool have_rr = false;
REQUIRE(LOCKED_ZONE(zone));
dns_rdataset_init(&rdataset);
result = dns_db_getoriginnode(signing->db, &node);
if (result != ISC_R_SUCCESS) {
......@@ -8133,6 +8204,8 @@ zone_nsec3chain(dns_zone_t *zone) {
bool updatensec = false;
dns_rdatatype_t privatetype = zone->privatetype;
REQUIRE(UNLOCKED_ZONE(zone));
ENTER;
dns_rdataset_init(&rdataset);
......@@ -9119,6 +9192,8 @@ zone_sign(dns_zone_t *zone) {
unsigned int nkeys = 0;
uint32_t nodes;
REQUIRE(UNLOCKED_ZONE(zone));
ENTER;
dns_rdataset_init(&rdataset);
......@@ -9862,6 +9937,8 @@ minimal_update(dns_keyfetch_t *kfetch, dns_dbversion_t *ver, dns_diff_t *diff) {
dns_zone_t *zone = kfetch->zone;
isc_stdtime_t now;
REQUIRE(LOCKED_ZONE(zone));
name = dns_fixedname_name(&kfetch->name);
isc_stdtime_get(&now);
......@@ -10651,11 +10728,12 @@ zone_refreshkeys(dns_zone_t *zone) {
bool timerset = false;
ENTER;
LOCK_ZONE(zone);
REQUIRE(zone->db != NULL);
isc_stdtime_get(&now);
LOCK_ZONE(zone);
if (DNS_ZONE_FLAG(zone, DNS_ZONEFLG_EXITING)) {
isc_time_settoepoch(&zone->refreshkeytime);
UNLOCK_ZONE(zone);
......@@ -11226,9 +11304,9 @@ zone_journal_compact(dns_zone_t *zone, dns_db_t *db, uint32_t serial) {
dns_dbversion_t *ver = NULL;
uint64_t dbsize;
INSIST(LOCKED_ZONE(zone));
REQUIRE(LOCKED_ZONE(zone));
if (inline_raw(zone)) {
INSIST(LOCKED_ZONE(zone->secure));
REQUIRE(LOCKED_ZONE(zone->secure));
}
journalsize = zone->journalsize;
......@@ -11314,7 +11392,6 @@ zone_needdump(dns_zone_t *zone, unsigned int delay) {
* 'zone' locked by caller
*/
REQUIRE(DNS_ZONE_VALID(zone));
REQUIRE(LOCKED_ZONE(zone));
ENTER;
......@@ -11568,7 +11645,7 @@ dumptostream(dns_zone_t *zone, FILE *fd, const dns_master_style_t *style,
dns_db_t *db = NULL;
dns_masterrawheader_t rawdata;
REQUIRE(DNS_ZONE_VALID(zone));
REQUIRE(LOCKED_ZONE(zone));
ZONEDB_LOCK(&zone->dblock, isc_rwlocktype_read);
if (zone->db != NULL) {
......@@ -11738,6 +11815,8 @@ notify_isqueued(dns_zone_t *zone, unsigned int flags, dns_name_t *name,
dns_zonemgr_t *zmgr;
isc_result_t result;
REQUIRE(LOCKED_ZONE(zone));
for (notify = ISC_LIST_HEAD(zone->notifies); notify != NULL;
notify = ISC_LIST_NEXT(notify, link))
{
......@@ -11795,6 +11874,8 @@ notify_isself(dns_zone_t *zone, isc_sockaddr_t *dst) {
isc_netaddr_t dstaddr;
isc_result_t result;
REQUIRE(LOCKED_ZONE(zone));
if (zone->view == NULL || zone->isself == NULL) {
return (false);
}
......@@ -12872,6 +12953,8 @@ setmodtime(dns_zone_t *zone, isc_time_t *expiretime) {
isc_time_t when;
isc_interval_t i;
REQUIRE(LOCKED_ZONE(zone));
isc_interval_set(&i, zone->expire, 0);
result = isc_time_subtract(expiretime, &i, &when);
if (result != ISC_R_SUCCESS) {
......@@ -13383,6 +13466,8 @@ create_query(dns_zone_t *zone, dns_rdatatype_t rdtype,
dns_rdataset_t *qrdataset = NULL;
isc_result_t result;
REQUIRE(LOCKED_ZONE(zone));
result = dns_message_create(zone->mctx, DNS_MESSAGE_INTENTRENDER,
&message);
if (result != ISC_R_SUCCESS) {
......@@ -13695,7 +13780,6 @@ ns_query(dns_zone_t *zone, dns_rdataset_t *soardataset, dns_stub_t *stub) {
uint16_t udpsize = SEND_BUFFER_SIZE;
isc_dscp_t dscp = -1;
REQUIRE(DNS_ZONE_VALID(zone));
REQUIRE(LOCKED_ZONE(zone));
REQUIRE((soardataset != NULL && stub == NULL) ||
(soardataset == NULL && stub != NULL));
......@@ -14065,7 +14149,6 @@ zone_settimer(dns_zone_t *zone, isc_time_t *now) {
isc_time_t next;
isc_result_t result;
REQUIRE(DNS_ZONE_VALID(zone));
REQUIRE(LOCKED_ZONE(zone));
ENTER;
......@@ -14234,7 +14317,6 @@ cancel_refresh(dns_zone_t *zone) {
* 'zone' locked by caller.
*/
REQUIRE(DNS_ZONE_VALID(zone));
REQUIRE(LOCKED_ZONE(zone));
ENTER;
......@@ -14854,6 +14936,8 @@ zone_namerd_tostr(dns_zone_t *zone, char *buf, size_t length) {
isc_result_t result = ISC_R_FAILURE;
isc_buffer_t buffer;
REQUIRE(LOCKED_ZONE(zone));
REQUIRE(buf != NULL);
REQUIRE(length > 1U);
......@@ -14900,6 +14984,8 @@ zone_name_tostr(dns_zone_t *zone, char *buf, size_t length) {
isc_result_t result = ISC_R_FAILURE;
isc_buffer_t buffer;
REQUIRE(LOCKED_ZONE(zone));
REQUIRE(buf != NULL);
REQUIRE(length > 1U);
......@@ -14923,6 +15009,8 @@ static void
zone_rdclass_tostr(dns_zone_t *zone, char *buf, size_t length) {
isc_buffer_t buffer;
REQUIRE(LOCKED_ZONE(zone));
REQUIRE(buf != NULL);
REQUIRE(length > 1U);
......@@ -14939,6 +15027,8 @@ static void
zone_viewname_tostr(dns_zone_t *zone, char *buf, size_t length) {
isc_buffer_t buffer;
REQUIRE(LOCKED_ZONE(zone));
REQUIRE(buf != NULL);
REQUIRE(length > 1U);
......@@ -15272,6 +15362,8 @@ sync_secure_journal(dns_zone_t *zone, dns_zone_t *raw, dns_journal_t *journal,
dns_diffop_t op = DNS_DIFFOP_ADD;
int n_soa = 0;
REQUIRE(LOCKED_ZONE(zone));
REQUIRE(soatuplep != NULL);
if (start == end) {
......@@ -15787,7 +15879,7 @@ save_nsec3param(dns_zone_t *zone, nsec3paramlist_t *nsec3list) {
dns_db_t *db = NULL;
unsigned char buf[DNS_NSEC3PARAM_BUFFERSIZE];
REQUIRE(DNS_ZONE_VALID(zone));
REQUIRE(LOCKED_ZONE(zone));
REQUIRE(nsec3list != NULL);
REQUIRE(ISC_LIST_EMPTY(*nsec3list));
......@@ -15942,7 +16034,7 @@ restore_nsec3param(dns_zone_t *zone, dns_db_t *db, dns_dbversion_t *version,
nsec3param_t *nsec3p = NULL;
nsec3param_t *next;
REQUIRE(DNS_ZONE_VALID(zone));
REQUIRE(LOCKED_ZONE(zone));
REQUIRE(!ISC_LIST_EMPTY(*nsec3list));
dns_diff_init(zone->mctx, &diff);
......@@ -16200,12 +16292,14 @@ zone_send_securedb(dns_zone_t *zone, dns_db_t *db) {
dns_db_t *dummy = NULL;
dns_zone_t *secure = NULL;
REQUIRE(LOCKED_ZONE(zone));
REQUIRE(LOCKED_ZONE(zone->secure));
e = isc_event_allocate(zone->secure->mctx, zone, DNS_EVENT_ZONESECUREDB,
receive_secure_db, zone->secure,
sizeof(struct secure_event));
dns_db_attach(db, &dummy);
((struct secure_event *)e)->db = dummy;
INSIST(LOCKED_ZONE(zone->secure));
zone_iattach(zone->secure, &secure);
isc_task_send(zone->secure->task, &e);
DNS_ZONE_CLRFLAG(zone, DNS_ZONEFLG_SENDSECURE);
......@@ -16251,7 +16345,6 @@ zone_replacedb(dns_zone_t *zone, dns_db_t *db, bool dump) {
/*
* 'zone' and 'zone->db' locked by caller.
*/
REQUIRE(DNS_ZONE_VALID(zone));
REQUIRE(LOCKED_ZONE(zone));
if (inline_raw(zone)) {
REQUIRE(LOCKED_ZONE(zone->secure));
......@@ -16882,6 +16975,8 @@ queue_xfrin(dns_zone_t *zone) {
isc_result_t result;
dns_zonemgr_t *zmgr = zone->zmgr;
REQUIRE(LOCKED_ZONE(zone));
ENTER;
INSIST(zone->statelist == NULL);
......@@ -16924,6 +17019,8 @@ got_transfer_quota(isc_task_t *task, isc_event_t *event) {
isc_dscp_t dscp = -1;
bool loaded;
REQUIRE(LOCKED_ZONE(zone));
UNUSED(task);
INSIST(task == zone->task);
......@@ -18124,6 +18221,8 @@ zone_saveunique(dns_zone_t *zone, const char *path, const char *templat) {
int buflen;
isc_result_t result;
REQUIRE(LOCKED_ZONE(zone));
buflen = strlen(path) + strlen(templat) + 2;
buf = isc_mem_get(zone->mctx, buflen);
......@@ -18812,6 +18911,8 @@ zone_signwithkey(dns_zone_t *zone, dns_secalg_t algorithm, uint16_t keyid,
isc_time_t now;
dns_db_t *db = NULL;
REQUIRE(LOCKED_ZONE(zone));
signing = isc_mem_get(zone->mctx, sizeof *signing);
signing->magic = 0;
......@@ -19054,6 +19155,8 @@ tickle_apex_rrset(dns_rdatatype_t rrtype, dns_zone_t *zone, dns_db_t *db,
dns_difftuple_t *tuple;
isc_result_t result;
REQUIRE(LOCKED_ZONE(zone));
for (tuple = ISC_LIST_HEAD(diff->tuples); tuple != NULL;
tuple = ISC_LIST_NEXT(tuple, link))
{
......@@ -19096,6 +19199,8 @@ sign_apex(dns_zone_t *zone, dns_db_t *db, dns_dbversion_t *ver,
dst_key_t *zone_keys[DNS_MAXZONEKEYS];
unsigned int nkeys = 0, i;
REQUIRE(LOCKED_ZONE(zone));
result = dns__zone_findkeys(zone, db, ver, now, zone->mctx,
DNS_MAXZONEKEYS, zone_keys, &nkeys);
if (result != ISC_R_SUCCESS) {
......@@ -19173,6 +19278,8 @@ dnskey_sane(dns_zone_t *zone, dns_db_t *db, dns_dbversion_t *ver,
bool nseconly = false, nsec3 = false;
dns_rdatatype_t privatetype = dns_zone_getprivatetype(zone);
REQUIRE(LOCKED_ZONE(zone));
/* Scan the tuples for an NSEC-only DNSKEY */
for (tuple = ISC_LIST_HEAD(diff->tuples); tuple != NULL;
tuple = ISC_LIST_NEXT(tuple, link))
......@@ -19224,6 +19331,8 @@ clean_nsec3param(dns_zone_t *zone, dns_db_t *db, dns_dbversion_t *ver,
dns_dbnode_t *node = NULL;
dns_rdataset_t rdataset;
REQUIRE(LOCKED_ZONE(zone));
dns_rdataset_init(&rdataset);
CHECK(dns_db_getoriginnode(db, &node));
......@@ -20180,7 +20289,7 @@ keydone(isc_task_t *task, isc_event_t *event) {
UNUSED(task);
zone = event->ev_arg;
INSIST(DNS_ZONE_VALID(zone));
REQUIRE(LOCKED_ZONE(zone));
ENTER;
......@@ -20372,7 +20481,7 @@ setnsec3param(isc_task_t *task, isc_event_t *event) {
const char *me = "setnsec3param";
dns_zone_t *zone = event->ev_arg;
INSIST(DNS_ZONE_VALID(zone));
REQUIRE(LOCKED_ZONE(zone));
UNUSED(task);
......@@ -20416,6 +20525,8 @@ rss_post(dns_zone_t *zone, isc_event_t *event) {
bool nseconly;
bool exists = false;
REQUIRE(LOCKED_ZONE(zone));
ENTER;
np = &npe->params;
......@@ -20785,7 +20896,7 @@ setserial(isc_task_t *task, isc_event_t *event) {
UNUSED(task);
zone = event->ev_arg;
INSIST(DNS_ZONE_VALID(zone));
REQUIRE(LOCKED_ZONE(zone));
ENTER;
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment