Lines Matching +full:unlock +full:- +full:keys
2 * validator/autotrust.c - RFC5011 trust anchor management for unbound.
80 rbtree_init(&global->probe, &probetree_cmp);
96 log_assert(a->autr && b->autr);
97 if(a->autr->next_probe_time < b->autr->next_probe_time)
98 return -1;
99 if(a->autr->next_probe_time > b->autr->next_probe_time)
111 lock_basic_lock(&anchors->lock);
112 if(anchors->autr)
113 res = anchors->autr->probe.count;
114 lock_basic_unlock(&anchors->lock);
124 return (int)(pos-str)+(int)strlen(sub);
125 return -1;
146 char* str = sldns_wire2str_dname(ta->rr, ta->dname_len);
148 ta->rr, ta->rr_len, ta->dname_len),
149 sldns_wirerr_get_rdatalen(ta->rr, ta->rr_len,
150 ta->dname_len));
200 ta->s = AUTR_STATE_VALID;
203 int s = (int) comments[pos] - '0';
212 ta->s = s;
217 ta->s = AUTR_STATE_START;
230 ta->pending_count = 0;
234 ta->pending_count = (uint8_t)atoi(comments);
251 ta->last_change = 0;
253 ta->last_change = (time_t)timestamp;
301 sldns_wirerr_get_type(ta->rr, ta->rr_len, ta->dname_len),
302 sldns_wirerr_get_rdata(ta->rr, ta->rr_len, ta->dname_len),
303 sldns_wirerr_get_rdatalen(ta->rr, ta->rr_len, ta->dname_len)
324 ta->rr = rr;
325 ta->rr_len = rr_len;
326 ta->dname_len = dname_len;
337 tp->name = memdup(own, own_len);
338 if(!tp->name) {
342 tp->namelen = own_len;
343 tp->namelabs = dname_count_labels(tp->name);
344 tp->node.key = tp;
345 tp->dclass = dc;
346 tp->autr = (struct autr_point_data*)calloc(1, sizeof(*tp->autr));
347 if(!tp->autr) {
348 free(tp->name);
352 tp->autr->pnode.key = tp;
354 lock_basic_lock(&anchors->lock);
355 if(!rbtree_insert(anchors->tree, &tp->node)) {
357 lock_basic_unlock(&anchors->lock);
358 dname_str(tp->name, buf);
360 free(tp->name);
361 free(tp->autr);
365 if(!rbtree_insert(&anchors->autr->probe, &tp->autr->pnode)) {
367 (void)rbtree_delete(anchors->tree, tp);
368 lock_basic_unlock(&anchors->lock);
369 dname_str(tp->name, buf);
371 free(tp->name);
372 free(tp->autr);
376 lock_basic_init(&tp->lock);
377 lock_protect(&tp->lock, tp, sizeof(*tp));
378 lock_protect(&tp->lock, tp->autr, sizeof(*tp->autr));
379 lock_basic_unlock(&anchors->lock);
388 free(r->rk.dname);
389 free(r->entry.data);
398 lock_unprotect(&tp->lock, tp);
399 lock_unprotect(&tp->lock, tp->autr);
400 lock_basic_destroy(&tp->lock);
401 autr_rrset_delete(tp->ds_rrset);
402 autr_rrset_delete(tp->dnskey_rrset);
403 if(tp->autr) {
404 struct autr_ta* p = tp->autr->keys, *np;
406 np = p->next;
407 free(p->rr);
411 free(tp->autr->file);
412 free(tp->autr);
414 free(tp->name);
427 if(!tp->autr) {
429 lock_basic_unlock(&tp->lock);
438 lock_basic_lock(&tp->lock);
452 free(ta->rr);
457 ta->next = (*tp)->autr->keys;
458 (*tp)->autr->keys = ta;
459 lock_basic_unlock(&(*tp)->lock);
540 lock_basic_lock(&tp->lock);
542 lock_basic_unlock(&tp->lock);
545 if(!tp->autr->file) {
546 tp->autr->file = strdup(fname);
547 if(!tp->autr->file) {
548 lock_basic_unlock(&tp->lock);
553 lock_basic_unlock(&tp->lock);
563 if(sldns_wirerr_get_type((*list)->rr, (*list)->rr_len,
564 (*list)->dname_len) == LDNS_RR_TYPE_DS) {
565 *rr = (*list)->rr;
566 *rr_len = (*list)->rr_len;
567 *dname_len = (*list)->dname_len;
568 *list = (*list)->next;
571 *list = (*list)->next;
582 if(sldns_wirerr_get_type((*list)->rr, (*list)->rr_len,
583 (*list)->dname_len) != LDNS_RR_TYPE_DS &&
584 ((*list)->s == AUTR_STATE_VALID ||
585 (*list)->s == AUTR_STATE_MISSING)) {
586 *rr = (*list)->rr;
587 *rr_len = (*list)->rr_len;
588 *dname_len = (*list)->dname_len;
589 *list = (*list)->next;
592 *list = (*list)->next;
597 /** see if iterator-list has any elements in it, or it is empty */
624 * Keys for the cache have to be obtained from alloc.h .
641 k->rk.type = htons(sldns_wirerr_get_type(rr, rr_len, dname_len));
642 k->rk.rrset_class = htons(sldns_wirerr_get_class(rr, rr_len, dname_len));
643 k->rk.dname_len = dname_len;
644 k->rk.dname = memdup(rr, dname_len);
645 if(!k->rk.dname) {
692 data->ttl = ttl;
693 data->count = count;
694 data->rrsig_count = rrsig_count;
695 data->rr_len = (size_t*)((uint8_t*)data +
697 data->rr_data = (uint8_t**)&(data->rr_len[total]);
698 data->rr_ttl = (time_t*)&(data->rr_data[total]);
699 nextrdata = (uint8_t*)&(data->rr_ttl[total]);
705 data->rr_ttl[i] = (time_t)sldns_wirerr_get_ttl(rr, rr_len,
707 if(data->rr_ttl[i] < data->ttl)
708 data->ttl = data->rr_ttl[i];
709 data->rr_len[i] = 2 /* the rdlength */ +
716 data->rr_data[i] = nextrdata;
717 nextrdata += data->rr_len[i];
724 log_assert(data->rr_data[i]);
725 memmove(data->rr_data[i],
727 data->rr_len[i]);
731 if(data->rrsig_count && data->count == 0) {
732 data->count = data->rrsig_count; /* rrset type is RRSIG */
733 data->rrsig_count = 0;
750 /* make packed rrset keys - malloced with no ID number, they
753 if(assemble_iterate_hasfirst(assemble_iterate_ds, tp->autr->keys)) {
755 assemble_iterate_ds, tp->autr->keys);
758 ubds->entry.data = packed_rrset_heap_data(
759 assemble_iterate_ds, tp->autr->keys);
760 if(!ubds->entry.data)
765 if(assemble_iterate_hasfirst(assemble_iterate_dnskey, tp->autr->keys)) {
767 assemble_iterate_dnskey, tp->autr->keys);
770 ubdnskey->entry.data = packed_rrset_heap_data(
771 assemble_iterate_dnskey, tp->autr->keys);
772 if(!ubdnskey->entry.data) {
780 /* we have prepared the new keys so nothing can go wrong any more.
782 * any errors. Put in the new keys and remove old ones. */
785 autr_rrset_delete(tp->ds_rrset);
786 autr_rrset_delete(tp->dnskey_rrset);
789 tp->ds_rrset = ubds;
790 tp->dnskey_rrset = ubdnskey;
791 tp->numDS = assemble_iterate_count(assemble_iterate_ds,
792 tp->autr->keys);
793 tp->numDNSKEY = assemble_iterate_count(assemble_iterate_dnskey,
794 tp->autr->keys);
805 *ret = -1; /* parse error */
832 if(r == -1) {
849 * @return: 0 no match, -1 failed syntax error, +1 success line read.
860 if(!*anchor) return -1;
865 return -1;
869 if(!tp) return -1;
870 lock_basic_lock(&tp->lock);
871 tp->autr->last_queried = (time_t)parse_int(line+16, &r);
872 lock_basic_unlock(&tp->lock);
874 if(!tp) return -1;
875 lock_basic_lock(&tp->lock);
876 tp->autr->last_success = (time_t)parse_int(line+16, &r);
877 lock_basic_unlock(&tp->lock);
879 if(!tp) return -1;
880 lock_basic_lock(&anchors->lock);
881 lock_basic_lock(&tp->lock);
882 (void)rbtree_delete(&anchors->autr->probe, tp);
883 tp->autr->next_probe_time = (time_t)parse_int(line+19, &r);
884 (void)rbtree_insert(&anchors->autr->probe, &tp->autr->pnode);
885 lock_basic_unlock(&tp->lock);
886 lock_basic_unlock(&anchors->lock);
888 if(!tp) return -1;
889 lock_basic_lock(&tp->lock);
890 tp->autr->query_failed = (uint8_t)parse_int(line+16, &r);
891 lock_basic_unlock(&tp->lock);
893 if(!tp) return -1;
894 lock_basic_lock(&tp->lock);
895 tp->autr->query_interval = (time_t)parse_int(line+18, &r);
896 lock_basic_unlock(&tp->lock);
898 if(!tp) return -1;
899 lock_basic_lock(&tp->lock);
900 tp->autr->retry_time = (time_t)parse_int(line+14, &r);
901 lock_basic_unlock(&tp->lock);
933 buf[len-1] = 0;
940 say for TXT records, but this routine only has to read keys */
947 return -1;
949 depth--;
962 pos[poslen-1] = 0; /* strip newline */
969 left -= poslen;
973 return -1;
978 left -= 1;
982 return -1;
1011 if(r == -1 || (r = parse_var_line(line, anchors, &tp)) == -1) {
1012 log_err("could not parse auto-trust-anchor-file "
1041 "the file may only contain keys for one name, "
1042 "remove keys for other domain names", nm);
1059 lock_basic_lock(&tp->lock);
1061 lock_basic_unlock(&tp->lock);
1065 lock_basic_unlock(&tp->lock);
1125 if(tp->autr->revoked) {
1127 fprintf(out, "; The zone has all keys revoked, and is\n"
1136 if(!print_id(out, fn, tp->name, tp->namelen, tp->dclass)) {
1140 (unsigned int)tp->autr->last_queried,
1141 autr_ctime_r(&(tp->autr->last_queried), tmi)) < 0 ||
1143 (unsigned int)tp->autr->last_success,
1144 autr_ctime_r(&(tp->autr->last_success), tmi)) < 0 ||
1146 (unsigned int)tp->autr->next_probe_time,
1147 autr_ctime_r(&(tp->autr->next_probe_time), tmi)) < 0 ||
1148 fprintf(out, ";;query_failed: %d\n", (int)tp->autr->query_failed)<0
1150 (int)tp->autr->query_interval) < 0 ||
1151 fprintf(out, ";;retry_time: %d\n", (int)tp->autr->retry_time) < 0) {
1157 for(ta=tp->autr->keys; ta; ta=ta->next) {
1158 /* by default do not store START and REMOVED keys */
1159 if(ta->s == AUTR_STATE_START)
1161 if(ta->s == AUTR_STATE_REMOVED)
1163 /* only store keys */
1164 if(sldns_wirerr_get_type(ta->rr, ta->rr_len, ta->dname_len)
1167 str = sldns_wire2str_rr(ta->rr, ta->rr_len);
1173 str[strlen(str)-1] = 0; /* remove newline */
1175 ";;lastchange=%u ;;%s", str, (int)ta->s,
1176 trustanchor_state2str(ta->s), (int)ta->pending_count,
1177 (unsigned int)ta->last_change,
1178 autr_ctime_r(&(ta->last_change), tmi)) < 0) {
1191 char* fname = tp->autr->file;
1196 log_assert(tp->autr);
1210 snprintf(tempf, sizeof(tempf), "%s.%d-%d-" ARG_LL "x", fname, (int)getpid(),
1211 env->worker?*(int*)env->worker:0, llvalue);
1268 int downprot = env->cfg->harden_algo_downgrade;
1270 tp->ds_rrset, tp->dnskey_rrset, downprot?sigalg:NULL, &reason,
1296 for(i=dd->count; i<dd->count+dd->rrsig_count; i++) {
1297 t = rrsig_get_expiry(dd->rr_data[i], dd->rr_len[i]);
1298 if((int32_t)t - (int32_t)*env->now > 0) {
1299 t -= (int32_t)*env->now;
1307 /** Is rr self-signed revoked key */
1315 verbose(VERB_ALGO, "seen REVOKE flag, check self-signed, rr %d",
1328 ta->fetched = seen;
1329 if(ta->pending_count < 250) /* no numerical overflow, please */
1330 ta->pending_count++;
1337 ta->revoked = revoked;
1346 if(sldns_wirerr_get_type(ta->rr, ta->rr_len, ta->dname_len) !=
1349 if(sldns_wirerr_get_rdatalen(ta->rr, ta->rr_len, ta->dname_len) < 2)
1351 data = sldns_wirerr_get_rdata(ta->rr, ta->rr_len, ta->dname_len);
1366 return -1;
1378 if (rdf1 < rdf2) return -1;
1389 if(!a) return -1;
1390 else if(!b) return -1;
1391 else if(sldns_wirerr_get_type(a->rr, a->rr_len, a->dname_len) != t)
1392 return (int)sldns_wirerr_get_type(a->rr, a->rr_len,
1393 a->dname_len) - (int)t;
1396 sldns_wirerr_get_rdata(a->rr, a->rr_len, a->dname_len),
1397 sldns_wirerr_get_rdatalen(a->rr, a->rr_len,
1398 a->dname_len), b, b_len);
1401 if(sldns_wirerr_get_rdatalen(a->rr, a->rr_len, a->dname_len) !=
1403 return -1;
1404 return memcmp(sldns_wirerr_get_rdata(a->rr,
1405 a->rr_len, a->dname_len), b, b_len);
1407 return -1;
1428 for(ta=tp->autr->keys; ta; ta=ta->next) {
1448 dname_len = tp->namelen;
1453 memmove(rr, tp->name, tp->namelen);
1465 ta->next = tp->autr->keys;
1466 tp->autr->keys = ta;
1474 struct packed_rrset_data* d = (struct packed_rrset_data*)k->entry.data;
1475 return d->ttl;
1483 time_t x, qi = tp->autr->query_interval, rt = tp->autr->retry_time;
1494 tp->autr->query_interval = 3600;
1495 else tp->autr->query_interval = x;
1496 } else tp->autr->query_interval = x;
1507 tp->autr->retry_time = 3600;
1508 else tp->autr->retry_time = x;
1509 } else tp->autr->retry_time = x;
1511 if(qi != tp->autr->query_interval || rt != tp->autr->retry_time) {
1517 (int)tp->autr->query_interval,
1518 (int)tp->autr->retry_time);
1527 for(ta=tp->autr->keys; ta; ta=ta->next) {
1528 ta->fetched = 0;
1532 /** check for revoked keys without trusting any other information */
1539 dnskey_rrset->entry.data;
1541 log_assert(ntohs(dnskey_rrset->rk.type) == LDNS_RR_TYPE_DNSKEY);
1542 for(i=0; i<dd->count; i++) {
1544 if(!rr_is_dnskey_sep(ntohs(dnskey_rrset->rk.type),
1545 dd->rr_data[i]+2, dd->rr_len[i]-2) ||
1546 !rr_is_dnskey_revoked(ntohs(dnskey_rrset->rk.type),
1547 dd->rr_data[i]+2, dd->rr_len[i]-2))
1549 if(!find_key(tp, ntohs(dnskey_rrset->rk.type),
1550 dd->rr_data[i]+2, dd->rr_len[i]-2, &ta)) {
1560 log_assert(dnskey_calc_keytag(dnskey_rrset, i)-128 ==
1562 ta->rr, ta->rr_len, ta->dname_len),
1563 sldns_wirerr_get_rdatalen(ta->rr, ta->rr_len,
1564 ta->dname_len)) ||
1567 ta->rr, ta->rr_len, ta->dname_len),
1568 sldns_wirerr_get_rdatalen(ta->rr, ta->rr_len,
1569 ta->dname_len))); /* checks conversion*/
1570 verbose_key(ta, VERB_ALGO, "is self-signed revoked");
1571 if(!ta->revoked)
1586 ds_rrset->entry.data;
1587 size_t ds_idx, num = dd->count;
1631 dnskey_rrset->entry.data;
1633 log_assert(ntohs(dnskey_rrset->rk.type) == LDNS_RR_TYPE_DNSKEY);
1635 for(i=0; i<dd->count; i++) {
1637 if(!rr_is_dnskey_sep(ntohs(dnskey_rrset->rk.type),
1638 dd->rr_data[i]+2, dd->rr_len[i]-2))
1640 if(rr_is_dnskey_revoked(ntohs(dnskey_rrset->rk.type),
1641 dd->rr_data[i]+2, dd->rr_len[i]-2)) {
1642 /* self-signed revoked keys already detected before,
1643 * other revoked keys are not 'added' again */
1653 tp->name, LDNS_RR_TYPE_DNSKEY, tp->dclass);
1658 if(!find_key(tp, ntohs(dnskey_rrset->rk.type),
1659 dd->rr_data[i]+2, dd->rr_len[i]-2, &ta)) {
1663 ta = add_key(tp, (uint32_t)dd->rr_ttl[i],
1664 dd->rr_data[i]+2, dd->rr_len[i]-2);
1667 if(ta && tp->ds_rrset && key_matches_a_ds(env, ve,
1668 dnskey_rrset, i, tp->ds_rrset)) {
1670 ta->s = AUTR_STATE_VALID;
1685 * setting: add-holddown: add holddown timer
1686 * setting: del-holddown: del holddown timer
1697 if(*env->now < ta->last_change) {
1701 elapsed = *env->now - ta->last_change;
1703 return elapsed-(time_t)holddown;
1706 (long long) ((time_t)holddown-elapsed));
1715 ta->last_change = *env->now;
1725 trustanchor_state2str(ta->s), trustanchor_state2str(s));
1726 ta->s = s;
1735 if (anchor->s == AUTR_STATE_START)
1746 time_t exceeded = check_holddown(env, anchor, env->cfg->add_holddown);
1747 if (exceeded && anchor->s == AUTR_STATE_ADDPEND) {
1748 verbose_key(anchor, VERB_ALGO, "add-holddown time exceeded "
1749 ARG_LL "d seconds ago, and pending-count %d",
1750 (long long)exceeded, anchor->pending_count);
1751 if(anchor->pending_count >= MIN_PENDINGCOUNT) {
1753 anchor->pending_count = 0;
1756 verbose_key(anchor, VERB_ALGO, "add-holddown time sanity check "
1757 "failed (pending count: %d)", anchor->pending_count);
1765 time_t exceeded = check_holddown(env, anchor, env->cfg->del_holddown);
1766 if(exceeded && anchor->s == AUTR_STATE_REVOKED) {
1767 verbose_key(anchor, VERB_ALGO, "del-holddown time exceeded "
1777 if(anchor->s == AUTR_STATE_ADDPEND) {
1779 anchor->pending_count = 0;
1780 } else if(anchor->s == AUTR_STATE_VALID)
1788 if(anchor->s == AUTR_STATE_MISSING)
1796 if(anchor->s == AUTR_STATE_VALID || anchor->s == AUTR_STATE_MISSING) {
1809 switch(anchor->s) {
1813 if (anchor->fetched)
1819 if (!anchor->fetched)
1827 if (anchor->revoked)
1830 else if (!anchor->fetched)
1832 else if(!anchor->last_change) {
1840 if (anchor->revoked)
1843 else if (anchor->fetched)
1848 if (anchor->fetched)
1868 for(anchor = tp->autr->keys; anchor; anchor = anchor->next) {
1870 if(sldns_wirerr_get_type(anchor->rr, anchor->rr_len,
1871 anchor->dname_len) == LDNS_RR_TYPE_DNSKEY &&
1872 anchor->last_change == 0 &&
1874 anchor->s == AUTR_STATE_VALID)
1879 for(anchor = tp->autr->keys; anchor; anchor = anchor->next) {
1881 anchor->s == AUTR_STATE_ADDPEND) {
1901 for(anchor = tp->autr->keys; anchor; anchor = anchor->next) {
1905 if (anchor->s == AUTR_STATE_VALID)
1909 * a ZSK (last-change=0) anchor, which is VALID and there are KSKs
1921 for(anchor = tp->autr->keys; anchor; anchor = anchor->next) {
1923 if(anchor->s == AUTR_STATE_START)
1935 /* Only do MISSING keys */
1936 if (anchor->s != AUTR_STATE_MISSING)
1938 if(env->cfg->keep_missing == 0)
1941 exceeded = check_holddown(env, anchor, env->cfg->keep_missing);
1945 verbose_key(anchor, VERB_ALGO, "keep-missing time "
1959 for(anchor = tp->autr->keys; anchor; anchor = anchor->next) {
1974 for(anchor = tp->autr->keys; anchor; anchor = anchor->next) {
1976 anchor->s == AUTR_STATE_ADDPEND)
1986 prevp = &tp->autr->keys;
1987 p = tp->autr->keys;
1990 if(p->s == AUTR_STATE_START || p->s == AUTR_STATE_REMOVED ||
1991 sldns_wirerr_get_type(p->rr, p->rr_len, p->dname_len)
1993 struct autr_ta* np = p->next;
1995 free(p->rr);
2003 if(p->s != AUTR_STATE_ADDPEND)
2004 p->pending_count = 0;
2005 prevp = &p->next;
2006 p = p->next;
2014 /* make it random, 90-100% */
2023 rest = wait-rnd;
2024 rnd = (time_t)ub_random_max(env->rnd, (long int)rnd);
2025 return (time_t)(*env->now + rest + rnd);
2032 rbnode_type* t = rbtree_first(&anchors->autr->probe);
2034 return ((struct trust_anchor*)t->key)->autr->next_probe_time;
2044 time_t next = (time_t)wait_probe_time(env->anchors);
2046 if(!env->probe_timer)
2048 if(next > *env->now)
2049 tv.tv_sec = (time_t)(next - *env->now);
2053 comm_timer_set(env->probe_timer, &tv);
2066 key.name = dnskey_rrset->rk.dname;
2067 key.namelen = dnskey_rrset->rk.dname_len;
2069 key.dclass = tp->dclass;
2070 lock_basic_unlock(&tp->lock);
2073 lock_basic_lock(&env->anchors->lock);
2074 tp2 = (struct trust_anchor*)rbtree_search(env->anchors->tree, &key);
2077 lock_basic_unlock(&env->anchors->lock);
2081 lock_basic_lock(&tp->lock);
2084 mold = wait_probe_time(env->anchors);
2085 (void)rbtree_delete(&env->anchors->autr->probe, tp);
2086 tp->autr->next_probe_time = calc_next_probe(env,
2087 tp->autr->query_interval);
2088 (void)rbtree_insert(&env->anchors->autr->probe, &tp->autr->pnode);
2089 mnew = wait_probe_time(env->anchors);
2091 lock_basic_unlock(&env->anchors->lock);
2093 (int)tp->autr->next_probe_time - (int)*env->now);
2111 tp->name, LDNS_RR_TYPE_DNSKEY, tp->dclass);
2112 tp->autr->revoked = 1;
2120 pd.next_probe_time = tp->autr->next_probe_time;
2121 key.name = dnskey_rrset->rk.dname;
2122 key.namelen = tp->namelen;
2123 key.namelabs = tp->namelabs;
2124 key.dclass = tp->dclass;
2126 /* unlock */
2127 lock_basic_unlock(&tp->lock);
2130 lock_basic_lock(&env->anchors->lock);
2131 del_tp = (struct trust_anchor*)rbtree_delete(env->anchors->tree, &key);
2132 mold = wait_probe_time(env->anchors);
2133 (void)rbtree_delete(&env->anchors->autr->probe, &key);
2134 mnew = wait_probe_time(env->anchors);
2135 anchors_init_parents_locked(env->anchors);
2136 lock_basic_unlock(&env->anchors->lock);
2143 del_tp->autr->next_probe_time = 0; /* no more probing for it */
2159 log_assert(tp && tp->autr);
2164 * is busy deleting it. Just unlock and let the other do its job */
2165 if(tp->autr->revoked) {
2167 "trust point revoked", tp->name,
2168 LDNS_RR_TYPE_DNSKEY, tp->dclass);
2169 lock_basic_unlock(&tp->lock);
2174 tp->autr->last_queried = *env->now;
2177 tp->name, LDNS_RR_TYPE_DNSKEY, tp->dclass);
2178 /* see if time alone makes some keys valid */
2183 log_err("malloc failure assembling autotrust keys");
2196 /* check for revoked keys to remove immediately */
2201 log_err("malloc failure assembling autotrust keys");
2204 if(!tp->ds_rrset && !tp->dnskey_rrset) {
2205 /* no more keys, all are revoked */
2207 tp->autr->last_success = *env->now;
2217 if(tp->autr->last_success) {
2218 tp->autr->query_failed += 1;
2224 tp->autr->last_success = *env->now;
2225 tp->autr->query_failed = 0;
2228 * - note which trust anchors are seen this probe.
2230 * - find minimum rrsig expiration interval
2238 /* - for every SEP key do the 5011 statetable.
2239 * - remove missing trustanchors (if veryold and we have new anchors).
2254 log_err("malloc failure assembling autotrust keys");
2257 if(!tp->ds_rrset && !tp->dnskey_rrset) {
2258 /* no more keys, all are revoked */
2272 char* str = sldns_wire2str_rr(ta->rr, ta->rr_len);
2277 if(str[0]) str[strlen(str)-1]=0; /* remove newline */
2278 (void)autr_ctime_r(&ta->last_change, buf);
2279 if(buf[0]) buf[strlen(buf)-1]=0; /* remove newline */
2281 trustanchor_state2str(ta->s), str, ta->s, ta->pending_count,
2282 ta->fetched?" fetched":"", ta->revoked?" revoked":"", buf);
2292 if(!tp->autr)
2294 dname_str(tp->name, buf);
2295 log_info("trust point %s : %d", buf, (int)tp->dclass);
2297 (int)tp->numDS, (int)tp->numDNSKEY);
2298 if(tp->ds_rrset) {
2299 log_packed_rrset(NO_VERBOSE, "DS:", tp->ds_rrset);
2301 if(tp->dnskey_rrset) {
2302 log_packed_rrset(NO_VERBOSE, "DNSKEY:", tp->dnskey_rrset);
2304 log_info("file %s", tp->autr->file);
2305 (void)autr_ctime_r(&tp->autr->last_queried, buf);
2306 if(buf[0]) buf[strlen(buf)-1]=0; /* remove newline */
2307 log_info("last_queried: %u %s", (unsigned)tp->autr->last_queried, buf);
2308 (void)autr_ctime_r(&tp->autr->last_success, buf);
2309 if(buf[0]) buf[strlen(buf)-1]=0; /* remove newline */
2310 log_info("last_success: %u %s", (unsigned)tp->autr->last_success, buf);
2311 (void)autr_ctime_r(&tp->autr->next_probe_time, buf);
2312 if(buf[0]) buf[strlen(buf)-1]=0; /* remove newline */
2313 log_info("next_probe_time: %u %s", (unsigned)tp->autr->next_probe_time,
2315 log_info("query_interval: %u", (unsigned)tp->autr->query_interval);
2316 log_info("retry_time: %u", (unsigned)tp->autr->retry_time);
2317 log_info("query_failed: %u", (unsigned)tp->autr->query_failed);
2319 for(ta=tp->autr->keys; ta; ta=ta->next) {
2328 lock_basic_lock(&anchors->lock);
2329 RBTREE_FOR(tp, struct trust_anchor*, anchors->tree) {
2330 lock_basic_lock(&tp->lock);
2332 lock_basic_unlock(&tp->lock);
2334 lock_basic_unlock(&anchors->lock);
2342 * re-querytime is set when query succeeded, but that may not
2363 sldns_buffer* buf = env->scratch_buffer;
2364 qinfo.qname = regional_alloc_init(env->scratch, tp->name, tp->namelen);
2369 qinfo.qname_len = tp->namelen;
2371 qinfo.qclass = tp->dclass;
2375 (int)tp->autr->next_probe_time - (int)*env->now);
2391 lock_basic_unlock(&tp->lock);
2396 rrset_cache_remove(env->rrset_cache, qinfo.qname, qinfo.qname_len,
2398 key_cache_remove(env->key_cache, qinfo.qname, qinfo.qname_len,
2401 if(!mesh_new_callback(env->mesh, &qinfo, qflags, &edns, buf, 0,
2407 /** fetch first to-probe trust-anchor and lock it and set retrytime */
2414 lock_basic_lock(&env->anchors->lock);
2415 if( (el=rbtree_first(&env->anchors->autr->probe)) == RBTREE_NULL) {
2417 lock_basic_unlock(&env->anchors->lock);
2422 tp = (struct trust_anchor*)el->key;
2423 lock_basic_lock(&tp->lock);
2426 if((time_t)tp->autr->next_probe_time > *env->now) {
2428 *next = (time_t)tp->autr->next_probe_time - *env->now;
2429 lock_basic_unlock(&tp->lock);
2430 lock_basic_unlock(&env->anchors->lock);
2435 (void)rbtree_delete(&env->anchors->autr->probe, tp);
2436 tp->autr->next_probe_time = calc_next_probe(env, tp->autr->retry_time);
2437 (void)rbtree_insert(&env->anchors->autr->probe, &tp->autr->pnode);
2438 lock_basic_unlock(&env->anchors->lock);
2457 regional_free_all(env->scratch);