[ Avaa Bypassed ]




Upload:

Command:

hmhc3928@3.138.204.67: ~ $
/*
 * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
 *
 * This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/.
 *
 * See the COPYRIGHT file distributed with this work for additional
 * information regarding copyright ownership.
 */


#ifndef DNS_VALIDATOR_H
#define DNS_VALIDATOR_H 1

/*****
 ***** Module Info
 *****/

/*! \file dns/validator.h
 *
 * \brief
 * DNS Validator
 * This is the BIND 9 validator, the module responsible for validating the
 * rdatasets and negative responses (messages).  It makes use of zones in
 * the view and may fetch RRset to complete trust chains.  It implements
 * DNSSEC as specified in RFC 4033, 4034 and 4035.
 *
 * It can also optionally implement ISC's DNSSEC look-aside validation.
 *
 * Correct operation is critical to preventing spoofed answers from secure
 * zones being accepted.
 *
 * MP:
 *\li	The module ensures appropriate synchronization of data structures it
 *	creates and manipulates.
 *
 * Reliability:
 *\li	No anticipated impact.
 *
 * Resources:
 *\li	TBS
 *
 * Security:
 *\li	No anticipated impact.
 *
 * Standards:
 *\li	RFCs:	1034, 1035, 2181, 4033, 4034, 4035.
 */

#include <isc/lang.h>
#include <isc/event.h>
#include <isc/mutex.h>

#include <dns/fixedname.h>
#include <dns/types.h>
#include <dns/rdataset.h>
#include <dns/rdatastruct.h> /* for dns_rdata_rrsig_t */

#include <dst/dst.h>

/*%
 * A dns_validatorevent_t is sent when a 'validation' completes.
 * \brief
 * 'name', 'rdataset', 'sigrdataset', and 'message' are the values that were
 * supplied when dns_validator_create() was called.  They are returned to the
 * caller so that they may be freed.
 *
 * If the RESULT is ISC_R_SUCCESS and the answer is secure then
 * proofs[] will contain the names of the NSEC records that hold the
 * various proofs.  Note the same name may appear multiple times.
 */
typedef struct dns_validatorevent {
	ISC_EVENT_COMMON(struct dns_validatorevent);
	dns_validator_t *		validator;
	isc_result_t			result;
	/*
	 * Name and type of the response to be validated.
	 */
	dns_name_t *			name;
	dns_rdatatype_t			type;
	/*
	 * Rdata and RRSIG (if any) for positive responses.
	 */
	dns_rdataset_t *		rdataset;
	dns_rdataset_t *		sigrdataset;
	/*
	 * The full response.  Required for negative responses.
	 * Also required for positive wildcard responses.
	 */
	dns_message_t *			message;
	/*
	 * Proofs to be cached.
	 */
	dns_name_t *			proofs[4];
	/*
	 * Optout proof seen.
	 */
	isc_boolean_t			optout;
	/*
	 * Answer is secure.
	 */
	isc_boolean_t			secure;
} dns_validatorevent_t;

#define DNS_VALIDATOR_NOQNAMEPROOF 0
#define DNS_VALIDATOR_NODATAPROOF 1
#define DNS_VALIDATOR_NOWILDCARDPROOF 2
#define DNS_VALIDATOR_CLOSESTENCLOSER 3

/*%
 * A validator object represents a validation in progress.
 * \brief
 * Clients are strongly discouraged from using this type directly, with
 * the exception of the 'link' field, which may be used directly for
 * whatever purpose the client desires.
 */
struct dns_validator {
	/* Unlocked. */
	unsigned int			magic;
	isc_mutex_t			lock;
	dns_view_t *			view;
	/* Locked by lock. */
	unsigned int			options;
	unsigned int			attributes;
	dns_validatorevent_t *		event;
	dns_fetch_t *			fetch;
	dns_validator_t *		subvalidator;
	dns_validator_t *		parent;
	dns_keytable_t *		keytable;
	dns_keynode_t *			keynode;
	dst_key_t *			key;
	dns_rdata_rrsig_t *		siginfo;
	isc_task_t *			task;
	isc_taskaction_t		action;
	void *				arg;
	unsigned int			labels;
	dns_rdataset_t *		currentset;
	isc_boolean_t			seensig;
	dns_rdataset_t *		keyset;
	dns_rdataset_t *		dsset;
	dns_rdataset_t *		soaset;
	dns_rdataset_t *		nsecset;
	dns_rdataset_t *		nsec3set;
	dns_name_t *			soaname;
	dns_rdataset_t			frdataset;
	dns_rdataset_t			fsigrdataset;
	dns_fixedname_t			fname;
	dns_fixedname_t			wild;
	dns_fixedname_t			nearest;
	dns_fixedname_t			closest;
	ISC_LINK(dns_validator_t)	link;
	dns_rdataset_t 			dlv;
	dns_fixedname_t			dlvsep;
	isc_boolean_t			havedlvsep;
	isc_boolean_t			mustbesecure;
	unsigned int			dlvlabels;
	unsigned int			depth;
	unsigned int			authcount;
	unsigned int			authfail;
	isc_boolean_t			failed;
	isc_stdtime_t			start;
};

/*%
 * dns_validator_create() options.
 */
#define DNS_VALIDATOR_DLV		0x0001U
#define DNS_VALIDATOR_DEFER		0x0002U
#define DNS_VALIDATOR_NOCDFLAG		0x0004U
#define DNS_VALIDATOR_NONTA		0x0008U  /*% Ignore NTA table */

ISC_LANG_BEGINDECLS

isc_result_t
dns_validator_create(dns_view_t *view, dns_name_t *name, dns_rdatatype_t type,
		     dns_rdataset_t *rdataset, dns_rdataset_t *sigrdataset,
		     dns_message_t *message, unsigned int options,
		     isc_task_t *task, isc_taskaction_t action, void *arg,
		     dns_validator_t **validatorp);
/*%<
 * Start a DNSSEC validation.
 *
 * This validates a response to the question given by
 * 'name' and 'type'.
 *
 * To validate a positive response, the response data is
 * given by 'rdataset' and 'sigrdataset'.  If 'sigrdataset'
 * is NULL, the data is presumed insecure and an attempt
 * is made to prove its insecurity by finding the appropriate
 * null key.
 *
 * The complete response message may be given in 'message',
 * to make available any authority section NSECs that may be
 * needed for validation of a response resulting from a
 * wildcard expansion (though no such wildcard validation
 * is implemented yet).  If the complete response message
 * is not available, 'message' is NULL.
 *
 * To validate a negative response, the complete negative response
 * message is given in 'message'.  The 'rdataset', and
 * 'sigrdataset' arguments must be NULL, but the 'name' and 'type'
 * arguments must be provided.
 *
 * The validation is performed in the context of 'view'.
 *
 * When the validation finishes, a dns_validatorevent_t with
 * the given 'action' and 'arg' are sent to 'task'.
 * Its 'result' field will be ISC_R_SUCCESS iff the
 * response was successfully proven to be either secure or
 * part of a known insecure domain.
 *
 * options:
 * If DNS_VALIDATOR_DLV is set the caller knows there is not a
 * trusted key and the validator should immediately attempt to validate
 * the answer by looking for an appropriate DLV RRset.
 */

void
dns_validator_send(dns_validator_t *validator);
/*%<
 * Send a deferred validation request
 *
 * Requires:
 *	'validator' to points to a valid DNSSEC validator.
 */

void
dns_validator_cancel(dns_validator_t *validator);
/*%<
 * Cancel a DNSSEC validation in progress.
 *
 * Requires:
 *\li	'validator' points to a valid DNSSEC validator, which
 *	may or may not already have completed.
 *
 * Ensures:
 *\li	It the validator has not already sent its completion
 *	event, it will send it with result code ISC_R_CANCELED.
 */

void
dns_validator_destroy(dns_validator_t **validatorp);
/*%<
 * Destroy a DNSSEC validator.
 *
 * Requires:
 *\li	'*validatorp' points to a valid DNSSEC validator.
 * \li	The validator must have completed and sent its completion
 * 	event.
 *
 * Ensures:
 *\li	All resources used by the validator are freed.
 */

ISC_LANG_ENDDECLS

#endif /* DNS_VALIDATOR_H */

Filemanager

Name Type Size Permission Actions
acache.h File 13.99 KB 0644
acl.h File 7.1 KB 0644
adb.h File 22.03 KB 0644
badcache.h File 3.28 KB 0644
bit.h File 856 B 0644
byaddr.h File 3.89 KB 0644
cache.h File 7.95 KB 0644
callbacks.h File 2.22 KB 0644
catz.h File 11.54 KB 0644
cert.h File 1.43 KB 0644
client.h File 21.52 KB 0644
clientinfo.h File 1.95 KB 0644
compress.h File 6.51 KB 0644
db.h File 44.68 KB 0644
dbiterator.h File 7.26 KB 0644
dbtable.h File 3.09 KB 0644
diff.h File 6.82 KB 0644
dispatch.h File 16.05 KB 0644
dlz.h File 10.38 KB 0644
dlz_dlopen.h File 4.54 KB 0644
dns64.h File 5.51 KB 0644
dnssec.h File 12 KB 0644
dnstap.h File 9.2 KB 0644
ds.h File 1.19 KB 0644
dsdigest.h File 1.68 KB 0644
dyndb.h File 4.72 KB 0644
ecdb.h File 808 B 0644
edns.h File 721 B 0644
enumclass.h File 1.19 KB 0644
enumtype.h File 7.74 KB 0644
events.h File 3.96 KB 0644
fixedname.h File 1.56 KB 0644
forward.h File 3.37 KB 0644
geoip.h File 2.34 KB 0644
ipkeylist.h File 2.12 KB 0644
iptable.h File 1.6 KB 0644
journal.h File 8.05 KB 0644
keydata.h File 1.02 KB 0644
keyflags.h File 1.25 KB 0644
keytable.h File 9.28 KB 0644
keyvalues.h File 4.06 KB 0644
lib.h File 1.16 KB 0644
log.h File 3.87 KB 0644
lookup.h File 2.85 KB 0644
master.h File 11.08 KB 0644
masterdump.h File 12.35 KB 0644
message.h File 37.27 KB 0644
name.h File 36.49 KB 0644
ncache.h File 4.8 KB 0644
nsec.h File 2.88 KB 0644
nsec3.h File 8.17 KB 0644
nta.h File 4.32 KB 0644
opcode.h File 1006 B 0644
order.h File 1.95 KB 0644
peer.h File 6.06 KB 0644
portlist.h File 2.05 KB 0644
private.h File 1.9 KB 0644
rbt.h File 39.7 KB 0644
rcode.h File 2.42 KB 0644
rdata.h File 20.92 KB 0644
rdataclass.h File 2.2 KB 0644
rdatalist.h File 2.51 KB 0644
rdataset.h File 20.47 KB 0644
rdatasetiter.h File 3.83 KB 0644
rdataslab.h File 4.29 KB 0644
rdatastruct.h File 57.57 KB 0644
rdatatype.h File 2.24 KB 0644
request.h File 10.89 KB 0644
resolver.h File 18.63 KB 0644
result.h File 8.57 KB 0644
rootns.h File 891 B 0644
rpz.h File 10.09 KB 0644
rriterator.h File 4.17 KB 0644
rrl.h File 6.49 KB 0644
sdb.h File 7.04 KB 0644
sdlz.h File 13.87 KB 0644
secalg.h File 1.67 KB 0644
secproto.h File 1.52 KB 0644
soa.h File 2.17 KB 0644
ssu.h File 8.09 KB 0644
stats.h File 13.15 KB 0644
tcpmsg.h File 3.05 KB 0644
time.h File 1.66 KB 0644
timer.h File 1.02 KB 0644
tkey.h File 7.43 KB 0644
tsec.h File 2.88 KB 0644
tsig.h File 8.06 KB 0644
ttl.h File 1.93 KB 0644
types.h File 13.65 KB 0644
update.h File 1.61 KB 0644
validator.h File 7.02 KB 0644
version.h File 867 B 0644
view.h File 34.69 KB 0644
xfrin.h File 2.85 KB 0644
zone.h File 59.8 KB 0644
zonekey.h File 763 B 0644
zt.h File 5.31 KB 0644