mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-31 22:45:39 +00:00
Code Issues Releases Wiki Activity

Style: some curly brackets

Browse Source
This commit is contained in:
Matthijs Mekking
2019-03-14 09:44:01 +01:00
parent d330986374
commit 2e83e3255a
2 changed files with 63 additions and 28 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
lib/dns/update.c
View File

@@ -1106,10 +1106,13 @@ add_sigs(dns_update_log_t *log, dns_zone_t *zone, dns_db_t *db,
for (i = 0; i < nkeys; i++) { for (i = 0; i < nkeys; i++) {
bool both = false; bool both = false;
if (!dst_key_isprivate(keys[i])) /* Don't add signatures for offline or inactive keys */
if (!dst_key_isprivate(keys[i])) {
continue; continue;
if (dst_key_inactive(keys[i])) /* Should be redundant. */ }
if (dst_key_inactive(keys[i])) {
continue; continue;
}
if (check_ksk && !REVOKE(keys[i])) { if (check_ksk && !REVOKE(keys[i])) {
bool have_ksk, have_nonksk; bool have_ksk, have_nonksk;
@@ -1121,21 +1124,31 @@ add_sigs(dns_update_log_t *log, dns_zone_t *zone, dns_db_t *db,
have_nonksk = true; have_nonksk = true;
} }
for (j = 0; j < nkeys; j++) { for (j = 0; j < nkeys; j++) {
if (j == i || ALG(keys[i]) != ALG(keys[j])) if (j == i || ALG(keys[i]) != ALG(keys[j])) {
continue; continue;
if (!dst_key_isprivate(keys[j])) }
/* Don't consider inactive keys, however
* the key may be temporary offline, so do
* consider keys which private key files are
* unavailable.
*/
if (dst_key_inactive(keys[j])) {
continue; continue;
if (dst_key_inactive(keys[j])) /* SBR */ }
if (REVOKE(keys[j])) {
continue; continue;
if (REVOKE(keys[j])) }
continue; if (KSK(keys[j])) {
if (KSK(keys[j]))
have_ksk = true; have_ksk = true;
else } else {
have_nonksk = true; have_nonksk = true;
}
both = have_ksk && have_nonksk; both = have_ksk && have_nonksk;
if (both) if (both) {
break; break;
}
} }
} }

58
lib/dns/zone.c
View File

@@ -6461,10 +6461,11 @@ del_sigs(dns_zone_t *zone, dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name,
* If there is not a matching DNSKEY then * If there is not a matching DNSKEY then
* delete the RRSIG. * delete the RRSIG.
*/ */
if (!found) if (!found) {
result = update_one_rr(db, ver, zonediff->diff, result = update_one_rr(db, ver, zonediff->diff,
DNS_DIFFOP_DELRESIGN, name, DNS_DIFFOP_DELRESIGN, name,
rdataset.ttl, &rdata); rdataset.ttl, &rdata);
}
if (result != ISC_R_SUCCESS) if (result != ISC_R_SUCCESS)
break; break;
} }
@@ -6529,10 +6530,13 @@ add_sigs(dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name,
for (i = 0; i < nkeys; i++) { for (i = 0; i < nkeys; i++) {
bool both = false; bool both = false;
if (!dst_key_isprivate(keys[i])) /* Don't add signatures for offline or inactive keys */
if (!dst_key_isprivate(keys[i])) {
continue; continue;
if (dst_key_inactive(keys[i])) /* Should be redundant. */ }
if (dst_key_inactive(keys[i])) {
continue; continue;
}
if (check_ksk && !REVOKE(keys[i])) { if (check_ksk && !REVOKE(keys[i])) {
bool have_ksk, have_nonksk; bool have_ksk, have_nonksk;
@@ -6543,24 +6547,36 @@ add_sigs(dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name,
have_ksk = false; have_ksk = false;
have_nonksk = true; have_nonksk = true;
} }
for (j = 0; j < nkeys; j++) { for (j = 0; j < nkeys; j++) {
if (j == i || ALG(keys[i]) != ALG(keys[j])) if (j == i || ALG(keys[i]) != ALG(keys[j])) {
continue; continue;
if (!dst_key_isprivate(keys[j])) }
/* Don't consider inactive keys, however
* the key may be temporary offline, so do
* consider keys which private key files are
* unavailable.
*/
if (dst_key_inactive(keys[j])) {
continue; continue;
if (dst_key_inactive(keys[j])) /* SBR */ }
if (REVOKE(keys[j])) {
continue; continue;
if (REVOKE(keys[j])) }
continue; if (KSK(keys[j])) {
if (KSK(keys[j]))
have_ksk = true; have_ksk = true;
else } else {
have_nonksk = true; have_nonksk = true;
}
both = have_ksk && have_nonksk; both = have_ksk && have_nonksk;
if (both) if (both) {
break; break;
}
} }
} }
if (both) { if (both) {
/* /*
* CDS and CDNSKEY are signed with KSK (RFC 7344, 4.1). * CDS and CDNSKEY are signed with KSK (RFC 7344, 4.1).
@@ -10485,14 +10501,17 @@ zone_maintenance(dns_zone_t *zone) {
if (zone->rss_event != NULL) if (zone->rss_event != NULL)
break; break;
if (!isc_time_isepoch(&zone->signingtime) && if (!isc_time_isepoch(&zone->signingtime) &&
isc_time_compare(&now, &zone->signingtime) >= 0) isc_time_compare(&now, &zone->signingtime) >= 0) {
zone_sign(zone); zone_sign(zone);
}
else if (!isc_time_isepoch(&zone->resigntime) && else if (!isc_time_isepoch(&zone->resigntime) &&
isc_time_compare(&now, &zone->resigntime) >= 0) isc_time_compare(&now, &zone->resigntime) >= 0) {
zone_resigninc(zone); zone_resigninc(zone);
}
else if (!isc_time_isepoch(&zone->nsec3chaintime) && else if (!isc_time_isepoch(&zone->nsec3chaintime) &&
isc_time_compare(&now, &zone->nsec3chaintime) >= 0) isc_time_compare(&now, &zone->nsec3chaintime) >= 0) {
zone_nsec3chain(zone); zone_nsec3chain(zone);
}
/* /*
* Do we need to issue a key expiry warning? * Do we need to issue a key expiry warning?
*/ */
@@ -18016,15 +18035,18 @@ add_signing_records(dns_db_t *db, dns_rdatatype_t privatetype,
for (tuple = ISC_LIST_HEAD(diff->tuples); for (tuple = ISC_LIST_HEAD(diff->tuples);
tuple != NULL; tuple != NULL;
tuple = ISC_LIST_NEXT(tuple, link)) { tuple = ISC_LIST_NEXT(tuple, link)) {
if (tuple->rdata.type != dns_rdatatype_dnskey) if (tuple->rdata.type != dns_rdatatype_dnskey) {
continue; continue;
}
result = dns_rdata_tostruct(&tuple->rdata, &dnskey, NULL); result = dns_rdata_tostruct(&tuple->rdata, &dnskey, NULL);
RUNTIME_CHECK(result == ISC_R_SUCCESS); RUNTIME_CHECK(result == ISC_R_SUCCESS);
if ((dnskey.flags & if ((dnskey.flags &
(DNS_KEYFLAG_OWNERMASK|DNS_KEYTYPE_NOAUTH)) (DNS_KEYFLAG_OWNERMASK|DNS_KEYTYPE_NOAUTH))
!= DNS_KEYOWNER_ZONE) != DNS_KEYOWNER_ZONE)
{
continue; continue;
}
dns_rdata_toregion(&tuple->rdata, &r); dns_rdata_toregion(&tuple->rdata, &r);
@@ -18042,8 +18064,10 @@ add_signing_records(dns_db_t *db, dns_rdatatype_t privatetype,
if (sign_all || tuple->op == DNS_DIFFOP_DEL) { if (sign_all || tuple->op == DNS_DIFFOP_DEL) {
CHECK(rr_exists(db, ver, name, &rdata, &flag)); CHECK(rr_exists(db, ver, name, &rdata, &flag));
if (flag) if (flag) {
continue; continue;
}
CHECK(dns_difftuple_create(diff->mctx, DNS_DIFFOP_ADD, CHECK(dns_difftuple_create(diff->mctx, DNS_DIFFOP_ADD,
name, 0, &rdata, &newtuple)); name, 0, &rdata, &newtuple));
CHECK(do_one_tuple(&newtuple, db, ver, diff)); CHECK(do_one_tuple(&newtuple, db, ver, diff));
@@ -18369,7 +18393,6 @@ zone_rekey(dns_zone_t *zone) {
goto failure; goto failure;
} }
/* Get the CDS rdataset */ /* Get the CDS rdataset */
result = dns_db_findrdataset(db, node, ver, dns_rdatatype_cds, result = dns_db_findrdataset(db, node, ver, dns_rdatatype_cds,
dns_rdatatype_none, 0, &cdsset, NULL); dns_rdatatype_none, 0, &cdsset, NULL);
@@ -18395,7 +18418,6 @@ zone_rekey(dns_zone_t *zone) {
if (result == ISC_R_SUCCESS) { if (result == ISC_R_SUCCESS) {
bool check_ksk; bool check_ksk;
check_ksk = DNS_ZONE_OPTION(zone, DNS_ZONEOPT_UPDATECHECKKSK); check_ksk = DNS_ZONE_OPTION(zone, DNS_ZONEOPT_UPDATECHECKKSK);
result = dns_dnssec_updatekeys(&dnskeys, &keys, &rmkeys, result = dns_dnssec_updatekeys(&dnskeys, &keys, &rmkeys,
&zone->origin, ttl, &diff, &zone->origin, ttl, &diff,
!check_ksk, mctx, !check_ksk, mctx,