bind/bin/named/tsigconf.c

/*
 * Copyright (C) 2004  Internet Systems Consortium, Inc. ("ISC")
 * Copyright (C) 1999-2001  Internet Software Consortium.
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
 * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
 * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
 * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
 * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
 * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 * PERFORMANCE OF THIS SOFTWARE.
 */

/* $Id: tsigconf.c,v 1.22 2004/03/05 04:57:49 marka Exp $ */

#include <config.h>

#include <isc/base64.h>
#include <isc/buffer.h>
#include <isc/mem.h>
#include <isc/string.h>

#include <isccfg/cfg.h>

#include <dns/tsig.h>
#include <dns/result.h>

#include <named/log.h>

#include <named/config.h>
#include <named/tsigconf.h>

static isc_result_t
add_initial_keys(cfg_obj_t *list, dns_tsig_keyring_t *ring, isc_mem_t *mctx) {
	cfg_listelt_t *element;
	cfg_obj_t *key = NULL;
	char *keyid = NULL;
	unsigned char *secret = NULL;
	int secretalloc = 0;
	int secretlen = 0;
	isc_result_t ret;
	isc_stdtime_t now;

	for (element = cfg_list_first(list);
	     element != NULL;
	     element = cfg_list_next(element))
	{
		cfg_obj_t *algobj = NULL;
		cfg_obj_t *secretobj = NULL;
		dns_name_t keyname;
		dns_name_t *alg;
		char *algstr;
		char keynamedata[1024];
		isc_buffer_t keynamesrc, keynamebuf;
		char *secretstr;
		isc_buffer_t secretbuf;

		key = cfg_listelt_value(element);
		keyid = cfg_obj_asstring(cfg_map_getname(key));

		algobj = NULL;
		secretobj = NULL;
		(void)cfg_map_get(key, "algorithm", &algobj);
		(void)cfg_map_get(key, "secret", &secretobj);
		INSIST(algobj != NULL && secretobj != NULL);

		/*
		 * Create the key name.
		 */
		dns_name_init(&keyname, NULL);
		isc_buffer_init(&keynamesrc, keyid, strlen(keyid));
		isc_buffer_add(&keynamesrc, strlen(keyid));
		isc_buffer_init(&keynamebuf, keynamedata, sizeof(keynamedata));
		ret = dns_name_fromtext(&keyname, &keynamesrc, dns_rootname,
					ISC_TRUE, &keynamebuf);
		if (ret != ISC_R_SUCCESS)
			goto failure;

		/*
		 * Create the algorithm.
		 */
		algstr = cfg_obj_asstring(algobj);
		if (ns_config_getkeyalgorithm(algstr, &alg) != ISC_R_SUCCESS) {
			cfg_obj_log(algobj, ns_g_lctx, ISC_LOG_ERROR,
				    "key '%s': the only supported algorithm "
				    "is hmac-md5", keyid);
			ret = DNS_R_BADALG;
			goto failure;
		}

		secretstr = cfg_obj_asstring(secretobj);
		secretalloc = secretlen = strlen(secretstr) * 3 / 4;
		secret = isc_mem_get(mctx, secretlen);
		if (secret == NULL) {
			ret = ISC_R_NOMEMORY;
			goto failure;
		}
		isc_buffer_init(&secretbuf, secret, secretlen);
		ret = isc_base64_decodestring(secretstr, &secretbuf);
		if (ret != ISC_R_SUCCESS)
			goto failure;
		secretlen = isc_buffer_usedlength(&secretbuf);

		isc_stdtime_get(&now);
		ret = dns_tsigkey_create(&keyname, alg, secret, secretlen,
					 ISC_FALSE, NULL, now, now,
					 mctx, ring, NULL);
		isc_mem_put(mctx, secret, secretalloc);
		secret = NULL;
		if (ret != ISC_R_SUCCESS)
			goto failure;
	}

	return (ISC_R_SUCCESS);

 failure:
	cfg_obj_log(key, ns_g_lctx, ISC_LOG_ERROR,
		    "configuring key '%s': %s", keyid,
		    isc_result_totext(ret));

	if (secret != NULL)
		isc_mem_put(mctx, secret, secretalloc);
	return (ret);

}

isc_result_t
ns_tsigkeyring_fromconfig(cfg_obj_t *config, cfg_obj_t *vconfig,
			  isc_mem_t *mctx, dns_tsig_keyring_t **ringp)
{
	cfg_obj_t *maps[3];
	cfg_obj_t *keylist;
	dns_tsig_keyring_t *ring = NULL;
	isc_result_t result;
	int i;

	i = 0;
	if (config != NULL)
		maps[i++] = config;
	if (vconfig != NULL)
		maps[i++] = cfg_tuple_get(vconfig, "options");
	maps[i] = NULL;

	result = dns_tsigkeyring_create(mctx, &ring);
	if (result != ISC_R_SUCCESS)
		return (result);

	for (i = 0; ; i++) {
		if (maps[i] == NULL)
			break;
		keylist = NULL;
		result = cfg_map_get(maps[i], "key", &keylist);
		if (result != ISC_R_SUCCESS)
			continue;
		result = add_initial_keys(keylist, ring, mctx);
		if (result != ISC_R_SUCCESS)
			goto failure;
	}

	*ringp = ring;
	return (ISC_R_SUCCESS);

 failure:
	dns_tsigkeyring_destroy(&ring);
	return (result);
}
separated BIND specific configuration code from rest of TSIG/TKEY code; renamed TSIG/TKEY context create and destroy functions for consistency with rest of library 2000-01-24 19:14:26 +00:00			`/*`
update copyright notice 2004-03-05 05:14:21 +00:00			`* Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")`
copyright update 2001-01-09 22:01:04 +00:00			`* Copyright (C) 1999-2001 Internet Software Consortium.`
Trailing whitespace trimmed. Perhaps running "perl util/spacewhack.pl in your own CVS tree will help minimize CVS conflicts. Maybe not. Blame Graff for getting me to trim all trailing whitespace. 2000-08-01 01:33:37 +00:00			`*`
separated BIND specific configuration code from rest of TSIG/TKEY code; renamed TSIG/TKEY context create and destroy functions for consistency with rest of library 2000-01-24 19:14:26 +00:00			`* Permission to use, copy, modify, and distribute this software for any`
			`* purpose with or without fee is hereby granted, provided that the above`
			`* copyright notice and this permission notice appear in all copies.`
Trailing whitespace trimmed. Perhaps running "perl util/spacewhack.pl in your own CVS tree will help minimize CVS conflicts. Maybe not. Blame Graff for getting me to trim all trailing whitespace. 2000-08-01 01:33:37 +00:00			`*`
update copyright notice 2004-03-05 05:14:21 +00:00			`* THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH`
			`* REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY`
			`* AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,`
			`* INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM`
			`* LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE`
			`* OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR`
			`* PERFORMANCE OF THIS SOFTWARE.`
separated BIND specific configuration code from rest of TSIG/TKEY code; renamed TSIG/TKEY context create and destroy functions for consistency with rest of library 2000-01-24 19:14:26 +00:00			`*/`

update copyright notice 2004-03-05 05:14:21 +00:00			`/* $Id: tsigconf.c,v 1.22 2004/03/05 04:57:49 marka Exp $ */`
add RCS id string 2000-06-22 22:00:42 +00:00
separated BIND specific configuration code from rest of TSIG/TKEY code; renamed TSIG/TKEY context create and destroy functions for consistency with rest of library 2000-01-24 19:14:26 +00:00			`#include <config.h>`

			`#include <isc/base64.h>`
Megacommit of dozens of files. Cleanup of redundant/useless header file inclusion. ISC style lint, primarily for function declarations and standalone comments -- ie, those that appear on a line without any code, which should be written as follows: /* * This is a comment. */ 2000-05-08 14:38:29 +00:00			`#include <isc/buffer.h>`
			`#include <isc/mem.h>`
			`#include <isc/string.h>`
separated BIND specific configuration code from rest of TSIG/TKEY code; renamed TSIG/TKEY context create and destroy functions for consistency with rest of library 2000-01-24 19:14:26 +00:00
762. [feature] named now uses the new configuration parser. 2001-03-04 21:21:39 +00:00			`#include <isccfg/cfg.h>`

Megacommit of dozens of files. Cleanup of redundant/useless header file inclusion. ISC style lint, primarily for function declarations and standalone comments -- ie, those that appear on a line without any code, which should be written as follows: /* * This is a comment. */ 2000-05-08 14:38:29 +00:00			`#include <dns/tsig.h>`
762. [feature] named now uses the new configuration parser. 2001-03-04 21:21:39 +00:00			`#include <dns/result.h>`
separated BIND specific configuration code from rest of TSIG/TKEY code; renamed TSIG/TKEY context create and destroy functions for consistency with rest of library 2000-01-24 19:14:26 +00:00
provide a more detailed error message when configuring a TSIG key fails [RT #461] 2000-11-15 00:42:50 +00:00			`#include <named/log.h>`

fix warning 2001-08-03 18:39:50 +00:00			`#include <named/config.h>`
Continue move of lib/dns/*conf.c stuff to bin/named 2000-11-27 19:42:38 +00:00			`#include <named/tsigconf.h>`

separated BIND specific configuration code from rest of TSIG/TKEY code; renamed TSIG/TKEY context create and destroy functions for consistency with rest of library 2000-01-24 19:14:26 +00:00			`static isc_result_t`
762. [feature] named now uses the new configuration parser. 2001-03-04 21:21:39 +00:00			`add_initial_keys(cfg_obj_t list, dns_tsig_keyring_t ring, isc_mem_t *mctx) {`
			`cfg_listelt_t *element;`
			`cfg_obj_t *key = NULL;`
			`char *keyid = NULL;`
separated BIND specific configuration code from rest of TSIG/TKEY code; renamed TSIG/TKEY context create and destroy functions for consistency with rest of library 2000-01-24 19:14:26 +00:00			`unsigned char *secret = NULL;`
			`int secretalloc = 0;`
			`int secretlen = 0;`
			`isc_result_t ret;`
- generated TSIG keys can expire - TKEY actually uses class ANY now 2000-01-24 22:22:51 +00:00			`isc_stdtime_t now;`
separated BIND specific configuration code from rest of TSIG/TKEY code; renamed TSIG/TKEY context create and destroy functions for consistency with rest of library 2000-01-24 19:14:26 +00:00
762. [feature] named now uses the new configuration parser. 2001-03-04 21:21:39 +00:00			`for (element = cfg_list_first(list);`
			`element != NULL;`
			`element = cfg_list_next(element))`
			`{`
			`cfg_obj_t *algobj = NULL;`
			`cfg_obj_t *secretobj = NULL;`
separated BIND specific configuration code from rest of TSIG/TKEY code; renamed TSIG/TKEY context create and destroy functions for consistency with rest of library 2000-01-24 19:14:26 +00:00			`dns_name_t keyname;`
762. [feature] named now uses the new configuration parser. 2001-03-04 21:21:39 +00:00			`dns_name_t *alg;`
check for hmac-md5.sig-alg.reg.int as well as just hmac-md5 in key statements. 2001-06-10 02:37:08 +00:00			`char *algstr;`
762. [feature] named now uses the new configuration parser. 2001-03-04 21:21:39 +00:00			`char keynamedata[1024];`
			`isc_buffer_t keynamesrc, keynamebuf;`
			`char *secretstr;`
Use isc_base64_decodestring() instead of an explicit lexer. 2000-07-18 01:14:17 +00:00			`isc_buffer_t secretbuf;`
separated BIND specific configuration code from rest of TSIG/TKEY code; renamed TSIG/TKEY context create and destroy functions for consistency with rest of library 2000-01-24 19:14:26 +00:00
762. [feature] named now uses the new configuration parser. 2001-03-04 21:21:39 +00:00			`key = cfg_listelt_value(element);`
			`keyid = cfg_obj_asstring(cfg_map_getname(key));`

			`algobj = NULL;`
			`secretobj = NULL;`
			`(void)cfg_map_get(key, "algorithm", &algobj);`
			`(void)cfg_map_get(key, "secret", &secretobj);`
			`INSIST(algobj != NULL && secretobj != NULL);`
separated BIND specific configuration code from rest of TSIG/TKEY code; renamed TSIG/TKEY context create and destroy functions for consistency with rest of library 2000-01-24 19:14:26 +00:00
Megacommit of dozens of files. Cleanup of redundant/useless header file inclusion. ISC style lint, primarily for function declarations and standalone comments -- ie, those that appear on a line without any code, which should be written as follows: /* * This is a comment. */ 2000-05-08 14:38:29 +00:00			`/*`
			`* Create the key name.`
			`*/`
762. [feature] named now uses the new configuration parser. 2001-03-04 21:21:39 +00:00			`dns_name_init(&keyname, NULL);`
			`isc_buffer_init(&keynamesrc, keyid, strlen(keyid));`
			`isc_buffer_add(&keynamesrc, strlen(keyid));`
103. [func] libisc buffer API changes for <isc/buffer.h>: Added: isc_buffer_base(b) (pointer) isc_buffer_current(b) (pointer) isc_buffer_active(b) (pointer) isc_buffer_used(b) (pointer) isc_buffer_length(b) (int) isc_buffer_usedlength(b) (int) isc_buffer_consumedlength(b) (int) isc_buffer_remaininglength(b) (int) isc_buffer_activelength(b) (int) isc_buffer_availablelength(b) (int) Removed: ISC_BUFFER_USEDCOUNT(b) ISC_BUFFER_AVAILABLECOUNT(b) isc_buffer_type(b) Changed names: isc_buffer_used(b, r) -> isc_buffer_usedregion(b, r) isc_buffer_available(b, r) -> isc_buffer_available_region(b, r) isc_buffer_consumed(b, r) -> isc_buffer_consumedregion(b, r) isc_buffer_active(b, r) -> isc_buffer_activeregion(b, r) isc_buffer_remaining(b, r) -> isc_buffer_remainingregion(b, r) Buffer types were removed, so the ISC_BUFFERTYPE_* macros are no more, and the type argument to isc_buffer_init and isc_buffer_allocate were removed. isc_buffer_putstr is now void (instead of isc_result_t) and requires that the caller ensure that there is enough available buffer space for the string. 2000-04-27 00:03:12 +00:00			`isc_buffer_init(&keynamebuf, keynamedata, sizeof(keynamedata));`
separated BIND specific configuration code from rest of TSIG/TKEY code; renamed TSIG/TKEY context create and destroy functions for consistency with rest of library 2000-01-24 19:14:26 +00:00			`ret = dns_name_fromtext(&keyname, &keynamesrc, dns_rootname,`
			`ISC_TRUE, &keynamebuf);`
			`if (ret != ISC_R_SUCCESS)`
			`goto failure;`

Megacommit of dozens of files. Cleanup of redundant/useless header file inclusion. ISC style lint, primarily for function declarations and standalone comments -- ie, those that appear on a line without any code, which should be written as follows: /* * This is a comment. */ 2000-05-08 14:38:29 +00:00			`/*`
			`* Create the algorithm.`
			`*/`
check for hmac-md5.sig-alg.reg.int as well as just hmac-md5 in key statements. 2001-06-10 02:37:08 +00:00			`algstr = cfg_obj_asstring(algobj);`
fix key algorithm checks 2001-08-03 18:12:08 +00:00			`if (ns_config_getkeyalgorithm(algstr, &alg) != ISC_R_SUCCESS) {`
762. [feature] named now uses the new configuration parser. 2001-03-04 21:21:39 +00:00			`cfg_obj_log(algobj, ns_g_lctx, ISC_LOG_ERROR,`
			`"key '%s': the only supported algorithm "`
			`"is hmac-md5", keyid);`
			`ret = DNS_R_BADALG;`
			`goto failure;`
separated BIND specific configuration code from rest of TSIG/TKEY code; renamed TSIG/TKEY context create and destroy functions for consistency with rest of library 2000-01-24 19:14:26 +00:00			`}`

762. [feature] named now uses the new configuration parser. 2001-03-04 21:21:39 +00:00			`secretstr = cfg_obj_asstring(secretobj);`
			`secretalloc = secretlen = strlen(secretstr) * 3 / 4;`
separated BIND specific configuration code from rest of TSIG/TKEY code; renamed TSIG/TKEY context create and destroy functions for consistency with rest of library 2000-01-24 19:14:26 +00:00			`secret = isc_mem_get(mctx, secretlen);`
			`if (secret == NULL) {`
			`ret = ISC_R_NOMEMORY;`
			`goto failure;`
			`}`
103. [func] libisc buffer API changes for <isc/buffer.h>: Added: isc_buffer_base(b) (pointer) isc_buffer_current(b) (pointer) isc_buffer_active(b) (pointer) isc_buffer_used(b) (pointer) isc_buffer_length(b) (int) isc_buffer_usedlength(b) (int) isc_buffer_consumedlength(b) (int) isc_buffer_remaininglength(b) (int) isc_buffer_activelength(b) (int) isc_buffer_availablelength(b) (int) Removed: ISC_BUFFER_USEDCOUNT(b) ISC_BUFFER_AVAILABLECOUNT(b) isc_buffer_type(b) Changed names: isc_buffer_used(b, r) -> isc_buffer_usedregion(b, r) isc_buffer_available(b, r) -> isc_buffer_available_region(b, r) isc_buffer_consumed(b, r) -> isc_buffer_consumedregion(b, r) isc_buffer_active(b, r) -> isc_buffer_activeregion(b, r) isc_buffer_remaining(b, r) -> isc_buffer_remainingregion(b, r) Buffer types were removed, so the ISC_BUFFERTYPE_* macros are no more, and the type argument to isc_buffer_init and isc_buffer_allocate were removed. isc_buffer_putstr is now void (instead of isc_result_t) and requires that the caller ensure that there is enough available buffer space for the string. 2000-04-27 00:03:12 +00:00			`isc_buffer_init(&secretbuf, secret, secretlen);`
isc_{base64\|hex}_decodestring took an unused mctx. Remove the mctx. 2001-03-22 00:07:07 +00:00			`ret = isc_base64_decodestring(secretstr, &secretbuf);`
separated BIND specific configuration code from rest of TSIG/TKEY code; renamed TSIG/TKEY context create and destroy functions for consistency with rest of library 2000-01-24 19:14:26 +00:00			`if (ret != ISC_R_SUCCESS)`
			`goto failure;`
103. [func] libisc buffer API changes for <isc/buffer.h>: Added: isc_buffer_base(b) (pointer) isc_buffer_current(b) (pointer) isc_buffer_active(b) (pointer) isc_buffer_used(b) (pointer) isc_buffer_length(b) (int) isc_buffer_usedlength(b) (int) isc_buffer_consumedlength(b) (int) isc_buffer_remaininglength(b) (int) isc_buffer_activelength(b) (int) isc_buffer_availablelength(b) (int) Removed: ISC_BUFFER_USEDCOUNT(b) ISC_BUFFER_AVAILABLECOUNT(b) isc_buffer_type(b) Changed names: isc_buffer_used(b, r) -> isc_buffer_usedregion(b, r) isc_buffer_available(b, r) -> isc_buffer_available_region(b, r) isc_buffer_consumed(b, r) -> isc_buffer_consumedregion(b, r) isc_buffer_active(b, r) -> isc_buffer_activeregion(b, r) isc_buffer_remaining(b, r) -> isc_buffer_remainingregion(b, r) Buffer types were removed, so the ISC_BUFFERTYPE_* macros are no more, and the type argument to isc_buffer_init and isc_buffer_allocate were removed. isc_buffer_putstr is now void (instead of isc_result_t) and requires that the caller ensure that there is enough available buffer space for the string. 2000-04-27 00:03:12 +00:00			`secretlen = isc_buffer_usedlength(&secretbuf);`
separated BIND specific configuration code from rest of TSIG/TKEY code; renamed TSIG/TKEY context create and destroy functions for consistency with rest of library 2000-01-24 19:14:26 +00:00
- generated TSIG keys can expire - TKEY actually uses class ANY now 2000-01-24 22:22:51 +00:00			`isc_stdtime_get(&now);`
don't copy a name structure, copy a pointer. 2000-07-18 00:44:52 +00:00			`ret = dns_tsigkey_create(&keyname, alg, secret, secretlen,`
- generated TSIG keys can expire - TKEY actually uses class ANY now 2000-01-24 22:22:51 +00:00			`ISC_FALSE, NULL, now, now,`
			`mctx, ring, NULL);`
separated BIND specific configuration code from rest of TSIG/TKEY code; renamed TSIG/TKEY context create and destroy functions for consistency with rest of library 2000-01-24 19:14:26 +00:00			`isc_mem_put(mctx, secret, secretalloc);`
			`secret = NULL;`
			`if (ret != ISC_R_SUCCESS)`
			`goto failure;`
			`}`
762. [feature] named now uses the new configuration parser. 2001-03-04 21:21:39 +00:00
separated BIND specific configuration code from rest of TSIG/TKEY code; renamed TSIG/TKEY context create and destroy functions for consistency with rest of library 2000-01-24 19:14:26 +00:00			`return (ISC_R_SUCCESS);`

762. [feature] named now uses the new configuration parser. 2001-03-04 21:21:39 +00:00			`failure:`
			`cfg_obj_log(key, ns_g_lctx, ISC_LOG_ERROR,`
Don't refer to keys as "TSIG keys", since they might be used for rndc only, and this could be confusing. 2001-07-26 20:54:35 +00:00			`"configuring key '%s': %s", keyid,`
762. [feature] named now uses the new configuration parser. 2001-03-04 21:21:39 +00:00			`isc_result_totext(ret));`

separated BIND specific configuration code from rest of TSIG/TKEY code; renamed TSIG/TKEY context create and destroy functions for consistency with rest of library 2000-01-24 19:14:26 +00:00			`if (secret != NULL)`
Use isc_base64_decodestring() instead of an explicit lexer. 2000-07-18 01:14:17 +00:00			`isc_mem_put(mctx, secret, secretalloc);`
separated BIND specific configuration code from rest of TSIG/TKEY code; renamed TSIG/TKEY context create and destroy functions for consistency with rest of library 2000-01-24 19:14:26 +00:00			`return (ret);`

			`}`

			`isc_result_t`
762. [feature] named now uses the new configuration parser. 2001-03-04 21:21:39 +00:00			`ns_tsigkeyring_fromconfig(cfg_obj_t config, cfg_obj_t vconfig,`
			`isc_mem_t mctx, dns_tsig_keyring_t *ringp)`
separated BIND specific configuration code from rest of TSIG/TKEY code; renamed TSIG/TKEY context create and destroy functions for consistency with rest of library 2000-01-24 19:14:26 +00:00			`{`
762. [feature] named now uses the new configuration parser. 2001-03-04 21:21:39 +00:00			`cfg_obj_t *maps[3];`
			`cfg_obj_t *keylist;`
separated BIND specific configuration code from rest of TSIG/TKEY code; renamed TSIG/TKEY context create and destroy functions for consistency with rest of library 2000-01-24 19:14:26 +00:00			`dns_tsig_keyring_t *ring = NULL;`
			`isc_result_t result;`
762. [feature] named now uses the new configuration parser. 2001-03-04 21:21:39 +00:00			`int i;`

			`i = 0;`
			`if (config != NULL)`
			`maps[i++] = config;`
			`if (vconfig != NULL)`
			`maps[i++] = cfg_tuple_get(vconfig, "options");`
			`maps[i] = NULL;`
separated BIND specific configuration code from rest of TSIG/TKEY code; renamed TSIG/TKEY context create and destroy functions for consistency with rest of library 2000-01-24 19:14:26 +00:00
			`result = dns_tsigkeyring_create(mctx, &ring);`
			`if (result != ISC_R_SUCCESS)`
			`return (result);`
Wired up the view-specific 'key' statement. 2000-05-25 22:06:51 +00:00
762. [feature] named now uses the new configuration parser. 2001-03-04 21:21:39 +00:00			`for (i = 0; ; i++) {`
			`if (maps[i] == NULL)`
			`break;`
Trailing whitespace trimmed. Perhaps running "perl util/spacewhack.pl in your own CVS tree will help minimize CVS conflicts. Maybe not. Blame Graff for getting me to trim all trailing whitespace. 2000-08-01 01:33:37 +00:00			`keylist = NULL;`
762. [feature] named now uses the new configuration parser. 2001-03-04 21:21:39 +00:00			`result = cfg_map_get(maps[i], "key", &keylist);`
			`if (result != ISC_R_SUCCESS)`
			`continue;`
			`result = add_initial_keys(keylist, ring, mctx);`
deal with the default view 2000-05-25 22:10:29 +00:00			`if (result != ISC_R_SUCCESS)`
			`goto failure;`
			`}`
Wired up the view-specific 'key' statement. 2000-05-25 22:06:51 +00:00
separated BIND specific configuration code from rest of TSIG/TKEY code; renamed TSIG/TKEY context create and destroy functions for consistency with rest of library 2000-01-24 19:14:26 +00:00			`*ringp = ring;`
			`return (ISC_R_SUCCESS);`

			`failure:`
			`dns_tsigkeyring_destroy(&ring);`
			`return (result);`
			`}`