mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-22 18:19:42 +00:00
Code Issues Releases Wiki Activity

Add code for creating keystore from config

Browse Source 
Add code for configuring keystore objects. Add this to the "kaspconf"
code, as it is related to 'dnssec-policy' and it is too small to create
a separate file for it.
This commit is contained in:
Matthijs Mekking 2022-01-25 10:08:43 +01:00
parent 0284482687
commit 3a86c07422
3 changed files with 116 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
lib/dns/include/dns/types.h
View File

@ -108,6 +108,8 @@ typedef struct dns_keynode dns_keynode_t;
typedef ISC_LIST(dns_keynode_t) dns_keynodelist_t; typedef ISC_LIST(dns_keynode_t) dns_keynodelist_t;
typedef struct dns_keytable dns_keytable_t; typedef struct dns_keytable dns_keytable_t;
typedef uint16_t dns_keytag_t; typedef uint16_t dns_keytag_t;
typedef struct dns_keystore dns_keystore_t;
typedef ISC_LIST(dns_keystore_t) dns_keystorelist_t;
typedef struct dns_loadctx dns_loadctx_t; typedef struct dns_loadctx dns_loadctx_t;
typedef struct dns_loadmgr dns_loadmgr_t; typedef struct dns_loadmgr dns_loadmgr_t;
typedef struct dns_masterrawheader dns_masterrawheader_t; typedef struct dns_masterrawheader dns_masterrawheader_t;

28
lib/isccfg/include/isccfg/kaspconf.h
View File

@ -56,4 +56,32 @@ cfg_kasp_fromconfig(const cfg_obj_t *config, dns_kasp_t *default_kasp,
*\li Other errors are possible. *\li Other errors are possible.
*/ */
isc_result_t
cfg_keystore_fromconfig(const cfg_obj_t *config, isc_mem_t *mctx,
isc_log_t *logctx, dns_keystorelist_t *keystorelist,
dns_keystore_t **kspp);
/*%<
* Create and configure a key store. If a 'keystorelist' is provided, a lookup
* happens and if a keystore already exists with the same name, no new one is
* created, and no attach to 'kspp' happens.
*
* Requires:
*
*\li config != NULL
*\li 'mctx' is a valid memory context.
*
*\li 'logctx' is a valid logging context.
*
*\li kspp != NULL && *kspp == NULL
*
* Returns:
*
*\li #ISC_R_SUCCESS If creating and configuring the keystore succeeds.
*\li #ISC_R_EXISTS If 'keystorelist' already has a keystore with 'name'.
*\li #ISC_R_NOMEMORY
*
*\li Other errors are possible.
*/
ISC_LANG_ENDDECLS ISC_LANG_ENDDECLS

84
lib/isccfg/kaspconf.c
View File

@ -24,6 +24,7 @@
#include <isc/util.h> #include <isc/util.h>
#include <dns/kasp.h> #include <dns/kasp.h>
#include <dns/keystore.h>
#include <dns/keyvalues.h> #include <dns/keyvalues.h>
#include <dns/log.h> #include <dns/log.h>
#include <dns/nsec3.h> #include <dns/nsec3.h>
@ -89,6 +90,23 @@ get_duration(const cfg_obj_t **maps, const char *option, const char *dfl) {
return (cfg_obj_asduration(obj)); return (cfg_obj_asduration(obj));
} }
/*
* Utility function for configuring strings.
*/
static const char *
get_string(const cfg_obj_t **maps, const char *option) {
const cfg_obj_t *obj;
isc_result_t result;
obj = NULL;
result = confget(maps, option, &obj);
if (result == ISC_R_NOTFOUND) {
return (NULL);
}
INSIST(result == ISC_R_SUCCESS);
return (cfg_obj_asstring(obj));
}
/* /*
* Create a new kasp key derived from configuration. * Create a new kasp key derived from configuration.
*/ */
@ -655,3 +673,69 @@ cleanup:
dns_kasp_detach(&kasp); dns_kasp_detach(&kasp);
return (result); return (result);
} }
isc_result_t
cfg_keystore_fromconfig(const cfg_obj_t *config, isc_mem_t *mctx,
isc_log_t *logctx, dns_keystorelist_t *keystorelist,
dns_keystore_t **kspp) {
isc_result_t result;
const cfg_obj_t *maps[2];
const cfg_obj_t *koptions = NULL;
const char *name = NULL;
dns_keystore_t *keystore = NULL;
int i = 0;
REQUIRE(config != NULL);
REQUIRE(kspp != NULL && *kspp == NULL);
name = cfg_obj_asstring(cfg_tuple_get(config, "name"));
INSIST(name != NULL);
result = dns_keystorelist_find(keystorelist, name, &keystore);
if (result == ISC_R_SUCCESS) {
cfg_obj_log(config, logctx, ISC_LOG_ERROR,
"key-store: duplicate key-store found '%s'", name);
dns_keystore_detach(&keystore);
return (ISC_R_EXISTS);
}
if (result != ISC_R_NOTFOUND) {
cfg_obj_log(config, logctx, ISC_LOG_ERROR,
"key-store: lookup '%s' failed: %s", name,
isc_result_totext(result));
return (result);
}
/*
* No key-store with configured name was found in list, create new one.
*/
INSIST(keystore == NULL);
result = dns_keystore_create(mctx, name, &keystore);
if (result != ISC_R_SUCCESS) {
return (result);
}
INSIST(keystore != NULL);
/* Now configure. */
INSIST(DNS_KEYSTORE_VALID(keystore));
if (config != NULL) {
koptions = cfg_tuple_get(config, "options");
maps[i++] = koptions;
}
maps[i] = NULL;
/* Configuration */
dns_keystore_setdirectory(keystore, get_string(maps, "directory"));
dns_keystore_setpkcs11uri(keystore, get_string(maps, "uri"));
/* Append it to the list for future lookups. */
ISC_LIST_APPEND(*keystorelist, keystore, link);
INSIST(!(ISC_LIST_EMPTY(*keystorelist)));
/* Success: Attach the keystore to the pointer and return. */
dns_keystore_attach(keystore, kspp);
/* Don't detach as keystore is on '*keystorelist' */
return (ISC_R_SUCCESS);
}