mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-09-02 07:35:26 +00:00
Code Issues Releases Wiki Activity

add dns_view_addtrustedkey()

Browse Source 
the new dns_view_addtrustedkey() function allows a view's trust
anchors to be updated directly. this code was formerly in
dns_client_addtrustedkey(), which is now a wrapper around
dns_view_addtrustedkey().
This commit is contained in:
Evan Hunt
2023-01-31 13:30:12 -08:00
parent 2587fefbaa
commit 33a741f897
4 changed files with 73 additions and 42 deletions
Download Patch File Download Diff File Expand all files Collapse all files

39
lib/dns/client.c
View File

@@ -1074,45 +1074,8 @@ isc_result_t
dns_client_addtrustedkey(dns_client_t *client, dns_rdataclass_t rdclass, dns_client_addtrustedkey(dns_client_t *client, dns_rdataclass_t rdclass,
dns_rdatatype_t rdtype, const dns_name_t *keyname, dns_rdatatype_t rdtype, const dns_name_t *keyname,
isc_buffer_t *databuf) { isc_buffer_t *databuf) {
isc_result_t result;
dns_keytable_t *secroots = NULL;
dns_name_t *name = NULL;
char rdatabuf[DST_KEY_MAXSIZE];
unsigned char digest[ISC_MAX_MD_SIZE];
dns_rdata_ds_t ds;
dns_rdata_t rdata;
isc_buffer_t b;
REQUIRE(DNS_CLIENT_VALID(client)); REQUIRE(DNS_CLIENT_VALID(client));
REQUIRE(rdclass == dns_rdataclass_in); REQUIRE(rdclass == dns_rdataclass_in);
CHECK(dns_view_getsecroots(client->view, &secroots)); return (dns_view_addtrustedkey(client->view, rdtype, keyname, databuf));
DE_CONST(keyname, name);
if (rdtype != dns_rdatatype_dnskey && rdtype != dns_rdatatype_ds) {
result = ISC_R_NOTIMPLEMENTED;
goto cleanup;
}
isc_buffer_init(&b, rdatabuf, sizeof(rdatabuf));
dns_rdata_init(&rdata);
isc_buffer_setactive(databuf, isc_buffer_usedlength(databuf));
CHECK(dns_rdata_fromwire(&rdata, rdclass, rdtype, databuf,
DNS_DECOMPRESS_NEVER, &b));
if (rdtype == dns_rdatatype_ds) {
CHECK(dns_rdata_tostruct(&rdata, &ds, NULL));
} else {
CHECK(dns_ds_fromkeyrdata(name, &rdata, DNS_DSDIGEST_SHA256,
digest, &ds));
}
CHECK(dns_keytable_add(secroots, false, false, name, &ds, NULL, NULL));
cleanup:
if (secroots != NULL) {
dns_keytable_detach(&secroots);
}
return (result);
} }

9
lib/dns/include/dns/client.h
View File

@@ -279,10 +279,11 @@ dns_client_addtrustedkey(dns_client_t *client, dns_rdataclass_t rdclass,
dns_rdatatype_t rdtype, const dns_name_t *keyname, dns_rdatatype_t rdtype, const dns_name_t *keyname,
isc_buffer_t *keydatabuf); isc_buffer_t *keydatabuf);
/*%< /*%<
* Add a DNSSEC trusted key for the 'rdclass' class. A view for the 'rdclass' * Add a DNSSEC trusted key for the 'rdclass' class (only class 'IN' is
* class must be created beforehand. 'rdtype' is the type of the RR data * currently supported). A view for the 'rdclass' class must be created
* for the key, either DNSKEY or DS. 'keyname' is the DNS name of the key, * beforehand. 'rdtype' is the type of the RR data for the key, either
* and 'keydatabuf' stores the RR data. * DNSKEY or DS. 'keyname' is the DNS name of the key, and 'keydatabuf'
* stores the RR data.
* *
* Requires: * Requires:
* *

25
lib/dns/include/dns/view.h
View File

@@ -1262,4 +1262,29 @@ dns_view_getdispatchmgr(dns_view_t *view);
* by the resolver and request managers to send and receive DNS * by the resolver and request managers to send and receive DNS
* messages. * messages.
*/ */
isc_result_t
dns_view_addtrustedkey(dns_view_t *view, dns_rdatatype_t rdtype,
const dns_name_t *keyname, isc_buffer_t *databuf);
/*%<
* Add a DNSSEC trusted key to a view of class 'IN'. 'rdtype' is the type
* of the RR data for the key, either DNSKEY or DS. 'keyname' is the DNS
* name of the key, and 'databuf' stores the RR data.
* Requires:
*
*\li 'view' is a valid view.
*\li 'view' is class 'IN'.
*
*\li 'keyname' is a valid name.
*
*\li 'keydatabuf' is a valid buffer.
*
* Returns:
*
*\li #ISC_R_SUCCESS On success.
*
*\li Anything else Failure.
*/
ISC_LANG_ENDDECLS ISC_LANG_ENDDECLS

42
lib/dns/view.c
View File

@@ -26,6 +26,7 @@
#include <isc/file.h> #include <isc/file.h>
#include <isc/hash.h> #include <isc/hash.h>
#include <isc/lex.h> #include <isc/lex.h>
#include <isc/md.h>
#include <isc/result.h> #include <isc/result.h>
#include <isc/stats.h> #include <isc/stats.h>
#include <isc/string.h> #include <isc/string.h>
@@ -2323,3 +2324,44 @@ dns_view_getdispatchmgr(dns_view_t *view) {
REQUIRE(DNS_VIEW_VALID(view)); REQUIRE(DNS_VIEW_VALID(view));
return (view->dispatchmgr); return (view->dispatchmgr);
} }
isc_result_t
dns_view_addtrustedkey(dns_view_t *view, dns_rdatatype_t rdtype,
const dns_name_t *keyname, isc_buffer_t *databuf) {
isc_result_t result;
dns_name_t *name = NULL;
char rdatabuf[DST_KEY_MAXSIZE];
unsigned char digest[ISC_MAX_MD_SIZE];
dns_rdata_ds_t ds;
dns_rdata_t rdata;
isc_buffer_t b;
REQUIRE(DNS_VIEW_VALID(view));
REQUIRE(view->rdclass == dns_rdataclass_in);
DE_CONST(keyname, name);
if (rdtype != dns_rdatatype_dnskey && rdtype != dns_rdatatype_ds) {
result = ISC_R_NOTIMPLEMENTED;
goto cleanup;
}
isc_buffer_init(&b, rdatabuf, sizeof(rdatabuf));
dns_rdata_init(&rdata);
isc_buffer_setactive(databuf, isc_buffer_usedlength(databuf));
CHECK(dns_rdata_fromwire(&rdata, view->rdclass, rdtype, databuf,
DNS_DECOMPRESS_NEVER, &b));
if (rdtype == dns_rdatatype_ds) {
CHECK(dns_rdata_tostruct(&rdata, &ds, NULL));
} else {
CHECK(dns_ds_fromkeyrdata(name, &rdata, DNS_DSDIGEST_SHA256,
digest, &ds));
}
CHECK(dns_keytable_add(view->secroots_priv, false, false, name, &ds,
NULL, NULL));
cleanup:
return (result);
}