diff --git a/bin/tests/named.conf b/bin/tests/named.conf
index 6ee104f077..b22dfaacf0 100644
--- a/bin/tests/named.conf
+++ b/bin/tests/named.conf
@@ -15,188 +15,151 @@ // watch out for ";" -- it's important! options { - request-ixfr yes; - provide-ixfr yes; - listen-on { - 10/24; - 10.0.0.3; 1:2:3:4:5:6:7:8; - }; - transfer-source 10.0.0.5; - transfer-source-v6 4:3:2:1:5:6:7:8; - - directory "."; // use current directory + version "my version string"; + directory "/tmp"; # Obsolete -# named-xfer "/usr/libexec/named-xfer"; // _PATH_XFER + named-xfer "/usr/libexec/named-xfer"; // _PATH_XFER dump-file "named_dump.db"; // _PATH_DUMPFILE pid-file "/var/run/named.pid"; // _PATH_PIDFILE statistics-file "named.stats"; // _PATH_STATS memstatistics-file "named.memstats"; // _PATH_MEMSTATS - tcp-clients 143; - recursive-clients 777; - rfc2308-type1 no; - tkey-domain "foo.com"; - tkey-dhkey "xyz" 666 ; - check-names master fail; - check-names slave warn; - check-names response ignore; - host-statistics no; - serial-queries 10; - min-roots 15; - treat-cr-as-space false; - -# Obsolete -# deallocate-on-exit no; // Painstakingly deallocate all -# // objects when exiting instead of -# // letting the OS clean up for us. -# // Useful a memory leak is suspected. -# // Final statistics are written to the -# // memstatistics-file. - - datasize default; - stacksize default; - coresize default; - files unlimited; - recursion yes; - expert-mode true; // don't issue warnings for some things - fetch-glue yes; - -# Obsolete -# fake-iquery no; - - notify yes; // send NOTIFY messages. You can set - // notify on a zone-by-zone - // basis in the "zone" statement - // see (below) auth-nxdomain yes; // always set AA on NXDOMAIN. // don't set this to 'no' unless // you know what you're doing -- older // servers won't like it. # Obsolete -# multiple-cnames no; // if yes, then a name my have more -# // than one CNAME RR. This use -# // is non-standard and is not -# // recommended, but it is available -# // because previous releases supported -# // it and it was used by large sites -# // for load balancing. 
+ deallocate-on-exit no; // Painstakingly deallocate all + // objects when exiting instead of + // letting the OS clean up for us. + // Useful a memory leak is suspected. + // Final statistics are written to the + // memstatistics-file. + dialup yes; - allow-query { any; }; - allow-transfer { any; }; - transfers-in 10; // DEFAULT_XFERS_RUNNING, cannot be - // set > than MAX_XFERS_RUNNING (20) - transfers-per-ns 2; // DEFAULT_XFERS_PER_NS - transfers-out 0; // not implemented - max-transfer-time-in 300; // MAX_XFER_TIME; the default number - // of minutes an inbound zone transfer - // may run. May be set on a per-zone - // basis. - max-transfer-time-out 10; // MAX_XFER_TIME; the default number - max-transfer-idle-in 100; // MAX_XFER_TIME; the default number - max-transfer-idle-out 11; // MAX_XFER_TIME; the default number - /* - * The "transfer-format" option specifies the way outbound zone - * transfers (i.e. from us to them) are formatted. Two values are - * allowed: - * - * one-answer Each RR gets its own DNS message. - * This format is not very efficient, - * but is widely understood. All - * versions of BIND prior to 8.1 generate - * this format for outbound zone - * and require it on inbound transfers. - * - * many-answers As many RRs as will fit are put into - * each DNS message. This format is - * the most efficient, but is only known - * to work with BIND 8. Patches to - * BIND 4.9.5 named-xfer that enable it - * to understand 'many-answers' will be - * available. - * - * If you are going to be doing zone transfers to older servers, you - * shouldn't use 'many-answers'. 'transfer-format' may also be set - * on a host-by-host basis using the 'server' statement (see below). - */ - transfer-format one-answer; - query-source-v6 address 8:7:6:5:4:3:2:1 port *; - query-source port * address 10.0.0.54 ; - /* - * The "forward" option is only meaningful if you've defined - * forwarders. "first" gives the normal BIND - * forwarding behavior, i.e. 
ask the forwarders first, and if that - * doesn't work then do the full lookup. You can also say - * "forward only;" which is what used to be specified with - * "slave" or "options forward-only". "only" will never attempt - * a full lookup; only the forwarders will be used. - */ +# Obsolete + fake-iquery no; + + fetch-glue yes; + has-old-clients yes; + host-statistics no; + +# Obsolete + multiple-cnames no; // if yes, then a name my have more + // than one CNAME RR. This use + // is non-standard and is not + // recommended, but it is available + // because previous releases supported + // it and it was used by large sites + // for load balancing. + + notify yes; // send NOTIFY messages. You can set + // notify on a zone-by-zone + // basis in the "zone" statement + // see (below) + recursion yes; + rfc2308-type1 no; + +# Obsolete + use-id-pool yes; + +# Obsolete + treat-cr-as-space yes; + + also-notify { 10.0.2.3; }; + + // The "forward" option is only meaningful if you've defined + // forwarders. "first" gives the normal BIND + // forwarding behavior, i.e. ask the forwarders first, and if that + // doesn't work then do the full lookup. You can also say + // "forward only;" which is what used to be specified with + // "slave" or "options forward-only". "only" will never attempt + // a full lookup; only the forwarders will be used. forward first; - forwarders { }; // default is no forwarders - /* - * Here's a forwarders example that isn't trivial - */ - /* forwarders { 1.2.3.4; 5.6.7.8; }; - */ -// topology { localhost; localnets; }; // prefer local nameservers - /* - * Here's a more complicated topology example; it's commented out - * because only one topology block is allowed. 
- */ - topology { - 10/8; // prefer network 10.0.0.0 - // netmask 255.0.0.0 most - !1.2.3/24; // don't like 1.2.3.0 netmask - // 255.255.255.0 at all - { 1.2/16; 3/8; }; // like 1.2.0.0 netmask 255.255.0.0 - // and 3.0.0.0 netmask 255.0.0.0 - // equally well, but less than 10/8 + + check-names master fail; + check-names slave warn; + check-names response ignore; + + allow-query { any; }; + allow-transfer { any; }; + allow-recursion { !any; }; + blackhole { 45/24; }; + + listen-on { + 10/24; + 10.0.0.3; 1:2:3:4:5:6:7:8; }; + listen-on port 53 { any; }; + + listen-on { 5.6.7.8; }; + + listen-on port 1234 { + !1.2.3.4; + 1.2.3/24; + }; - listen-on port 53 { any; }; // listen for queries on port 53 on - // any interface on the system - // (i.e. all interfaces). The - // "port 53" is optional; if you - // don't specify a port, port 53 - // is assumed. - /* - * Multiple listen-on statements are allowed. Here's a more - * complicated example: - */ + query-source-v6 address 8:7:6:5:4:3:2:1 port *; + query-source port * address 10.0.0.54 ; - listen-on { 5.6.7.8; }; // listen on port 53 on interface - // 5.6.7.8 - listen-on port 1234 { // listen on port 1234 on any - !1.2.3.4; // interface on network 1.2.3 - 1.2.3/24; // netmask 255.255.255.0, except for - }; // interface 1.2.3.4. 
+ lame-ttl 477; + max-transfer-time-in 300; + max-transfer-time-out 10; + max-transfer-idle-in 100; + max-transfer-idle-out 11; + + max-ncache-ttl 333; + min-roots 15; + serial-queries 34; - /* - * Interval Timers - */ - cleaning-interval 60; // clean the cache of expired RRs - // every 'cleaning-interval' minutes - interface-interval 60; // scan for new or deleted interfaces - // every 'interface-interval' minutes - statistics-interval 60; // log statistics every - // 'statistics-interval' minutes - /* - * IXFR options - */ + transfer-format one-answer; + + transfers-in 10; + transfers-per-ns 2; + transfers-out 0; + + transfer-source 10.0.0.5; + transfer-source-v6 4:3:2:1:5:6:7:8; + + request-ixfr yes; + provide-ixfr yes; # Now called 'provide-ixfr' # maintain-ixfr-base no; // If yes, keep transaction log file for IXFR - max-ixfr-log-size 20; // Not implemented, maximum size the - // IXFR transaction log file to grow + max-ixfr-log-size 20; + coresize 100; + datasize 101; + files 230; + stacksize 231; + cleaning-interval 1000; + heartbeat-interval 1001; + interface-interval 1002; + statistics-interval 1003; + + topology { + 10/8; + + !1.2.3/24; + + { 1.2/16; 3/8; }; + + + }; + + sortlist { 10/8; 11/8; }; + + tkey-domain "foo.com"; + tkey-dhkey "xyz" 666 ; }; /* @@ -251,7 +214,8 @@ zone "slave.demo.zone" { forwarders { 10.45.45.45; 10.0.0.3; 1:2:3:4:5:6:7:8; }; }; -view "test-view" hs { +view "test-view" in { + key "viewkey" { algorithm "xxx" ; secret "yyy" ; }; allow-query { 10.0.0.30;}; match-clients { 10.0.0.1 ; }; check-names master warn; @@ -274,6 +238,7 @@ view "test-view" hs { min-roots 3; lame-ttl 477; max-ncache-ttl 333; + transfer-format many-answers; zone "view-zone.com" { type master; @@ -282,6 +247,8 @@ view "test-view" hs { }; }; +key "non-viewkey" { secret "aaa" ; algorithm "zzz" ; }; + zone "stub.demo.zone" { type stub; // stub zones are like slave zones, // except that only the NS records 
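Review bot: The test view now defines `key "viewkey"`, but none of its address match lists visible in these hunks references a key (`allow-query { 10.0.0.30;};`, `match-clients { 10.0.0.1 ; };`), so the per-view key lookup added to the parser does not appear to be exercised by this file. A `key viewkey;` element in one of the view's address match lists would cover it. A reference to `non-viewkey` from inside a view would additionally pin down whether top-level keys are meant to be visible there.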
diff --git a/lib/dns/config/confip.c b/lib/dns/config/confip.c index 5e23e85e95..466b7a135a 100644 --- a/lib/dns/config/confip.c +++ b/lib/dns/config/confip.c @@ -15,7 +15,7 @@ * SOFTWARE. */ -/* $Id: confip.c,v 1.20 2000/03/28 22:58:17 brister Exp $ */ +/* $Id: confip.c,v 1.21 2000/04/07 13:35:04 brister Exp $ */ #include @@ -107,7 +107,7 @@ dns_c_ipmatchelement_delete(isc_mem_t *mem, dns_c_ipmatchelement_t **ipme) break; case dns_c_ipmatch_key: - isc_mem_free(mem, elem->u.key ); + isc_mem_free(mem, elem->u.key); break; case dns_c_ipmatch_acl: diff --git a/lib/dns/config/confkeys.c b/lib/dns/config/confkeys.c index a9658cd553..e8cd5bdb5a 100644 --- a/lib/dns/config/confkeys.c +++ b/lib/dns/config/confkeys.c @@ -15,7 +15,7 @@ * SOFTWARE. */ -/* $Id: confkeys.c,v 1.17 2000/03/30 17:25:14 brister Exp $ */ +/* $Id: confkeys.c,v 1.18 2000/04/07 13:35:04 brister Exp $ */ #include @@ -231,33 +231,30 @@ dns_c_kdeflist_print(FILE *fp, int indent, dns_c_kdeflist_t *list) isc_result_t -dns_c_kdef_new(dns_c_kdeflist_t *list, const char *name, - dns_c_kdef_t **keyid) +dns_c_kdef_new(isc_mem_t *mem, const char *name, dns_c_kdef_t **keyid) { dns_c_kdef_t *kd; - REQUIRE(DNS_C_KDEFLIST_VALID(list)); REQUIRE(keyid != NULL); REQUIRE(name != NULL); REQUIRE(*name != '\0'); - kd = isc_mem_get(list->mem, sizeof *kd); + kd = isc_mem_get(mem, sizeof *kd); if (kd == NULL) { return (ISC_R_NOMEMORY); } - kd->keyid = isc_mem_strdup(list->mem, name); + kd->keyid = isc_mem_strdup(mem, name); if (kd->keyid == NULL) { - isc_mem_put(list->mem, kd, sizeof *kd); + isc_mem_put(mem, kd, sizeof *kd); } kd->magic = DNS_C_KDEF_MAGIC; - kd->mylist = list; + kd->mem = mem; + kd->algorithm = NULL; kd->secret = NULL; - ISC_LIST_APPEND(list->keydefs, kd, next); - *keyid = kd; return (ISC_R_SUCCESS); @@ -275,7 +272,7 @@ dns_c_kdef_delete(dns_c_kdef_t **keydef) kd = *keydef; - mem = kd->mylist->mem; + mem = kd->mem; isc_mem_free(mem, kd->keyid); 
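Review bot: In dns_c_kdef_new the branch for a failed isc_mem_strdup releases kd with `isc_mem_put(mem, kd, sizeof *kd);` but does not return, so the following `kd->magic = DNS_C_KDEF_MAGIC;` and the other field stores write into freed memory and the caller gets ISC_R_SUCCESS with a dangling pointer in `*keyid`. Add `return (ISC_R_NOMEMORY);` after the isc_mem_put inside that branch. Now that the ISC_LIST_APPEND has moved out of this function, the list link also appears to be left uninitialised here, whereas dns_c_kid_new calls `ISC_LINK_INIT(ki, next);`; a matching `ISC_LINK_INIT(kd, next);` would be consistent, assuming the link field is still named `next` as the removed append suggests.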
@@ -289,7 +286,7 @@ dns_c_kdef_delete(dns_c_kdef_t **keydef) kd->magic = 0; kd->keyid = NULL; - kd->mylist = NULL; + kd->mem = NULL; kd->algorithm = NULL; kd->secret = NULL; @@ -371,11 +368,10 @@ dns_c_kdef_setalgorithm(dns_c_kdef_t *keydef, const char *algorithm) REQUIRE(*algorithm != '\0'); if (keydef->algorithm != NULL) { - isc_mem_free(keydef->mylist->mem, keydef->algorithm); + isc_mem_free(keydef->mem, keydef->algorithm); } - keydef->algorithm = isc_mem_strdup(keydef->mylist->mem, - algorithm); + keydef->algorithm = isc_mem_strdup(keydef->mem, algorithm); if (keydef->algorithm == NULL) { return (ISC_R_NOMEMORY); } @@ -392,10 +388,10 @@ dns_c_kdef_setsecret(dns_c_kdef_t *keydef, const char *secret) REQUIRE(*secret != '\0'); if (keydef->secret != NULL) { - isc_mem_free(keydef->mylist->mem, keydef->secret); + isc_mem_free(keydef->mem, keydef->secret); } - keydef->secret = isc_mem_strdup(keydef->mylist->mem, secret); + keydef->secret = isc_mem_strdup(keydef->mem, secret); if (keydef->secret == NULL) { return (ISC_R_NOMEMORY); } @@ -467,10 +463,10 @@ keyid_delete(dns_c_kid_t **keyid) ki = *keyid; - isc_mem_free(ki->mylist->mem, ki->keyid); + isc_mem_free(ki->mem, ki->keyid); ki->magic = 0; - isc_mem_put(ki->mylist->mem, ki, sizeof *ki); + isc_mem_put(ki->mem, ki, sizeof *ki); *keyid = NULL; @@ -527,6 +523,16 @@ dns_c_kidlist_find(dns_c_kidlist_t *list, const char *keyid, } +void +dns_c_kidlist_append(dns_c_kidlist_t *list, dns_c_kid_t *keyid) +{ + REQUIRE(DNS_C_KEYIDLIST_VALID(list)); + REQUIRE(DNS_C_KEYID_VALID(keyid)); + + ISC_LIST_APPEND(list->keyids, keyid, next); +} + + void dns_c_kidlist_print(FILE *fp, int indent, dns_c_kidlist_t *list) 
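Review bot: dns_c_kdef_setsecret releases the previous secret with `isc_mem_free(keydef->mem, keydef->secret);` without overwriting it, so the old key material stays readable in memory handed back to the allocator. Unless isc_mem is known to scrub freed blocks, clear it first with `memset(keydef->secret, 0, strlen(keydef->secret));` before the free. dns_c_kdef_delete presumably frees the secret as well, in lines outside these hunks, and would warrant the same treatment.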
@@ -560,26 +566,24 @@ dns_c_kidlist_print(FILE *fp, int indent, isc_result_t -dns_c_kid_new(dns_c_kidlist_t *list, const char *name, dns_c_kid_t **keyid) +dns_c_kid_new(isc_mem_t *mem, const char *name, dns_c_kid_t **keyid) { dns_c_kid_t *ki; - REQUIRE(DNS_C_KEYIDLIST_VALID(list)); REQUIRE(name != NULL); REQUIRE(*name != '\0'); REQUIRE(keyid != NULL); - ki = isc_mem_get(list->mem, sizeof *ki); + ki = isc_mem_get(mem, sizeof *ki); if (ki == NULL) { return (ISC_R_NOMEMORY); } ki->magic = DNS_C_KEYID_MAGIC; - ki->mylist = list; - ki->keyid = isc_mem_strdup(list->mem, name); + ki->mem = mem; + ki->keyid = isc_mem_strdup(mem, name); ISC_LINK_INIT(ki, next); - ISC_LIST_APPEND(list->keyids, ki, next); *keyid = ki; diff --git a/lib/dns/config/confndc.c b/lib/dns/config/confndc.c index 46fc842e8c..54a563dd73 100644 --- a/lib/dns/config/confndc.c +++ b/lib/dns/config/confndc.c @@ -15,7 +15,7 @@ * SOFTWARE. */ -/* $Id: confndc.c,v 1.7 2000/04/05 16:39:24 brister Exp $ */ +/* $Id: confndc.c,v 1.8 2000/04/07 13:35:04 brister Exp $ */ /* ** options { @@ -1258,9 +1258,10 @@ parse_keystmt(ndcpcontext *pctx, dns_c_kdeflist_t *keys) { if (result != ISC_R_SUCCESS) goto done; - result = dns_c_kdef_new(keys, keyname, &key); + result = dns_c_kdef_new(keys->mem, keyname, &key); if (result != ISC_R_SUCCESS) goto done; + dns_c_kdeflist_append(keys, key, ISC_FALSE); result = dns_c_kdef_setalgorithm(key, algorithm); if (result != ISC_R_SUCCESS) diff --git a/lib/dns/config/confparser.y b/lib/dns/config/confparser.y index 09f483b610..85181a2ee3 100644 --- a/lib/dns/config/confparser.y +++ b/lib/dns/config/confparser.y @@ -16,7 +16,7 @@ * SOFTWARE. */ -/* $Id: confparser.y,v 1.60 2000/04/06 20:12:26 brister Exp $ */ +/* $Id: confparser.y,v 1.61 2000/04/07 13:35:05 brister Exp $ */ #include 
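Review bot: dns_c_kid_new stores the result of `isc_mem_strdup(mem, name)` in ki->keyid without checking it, so an allocation failure leaves a NULL keyid on an object that already carries a valid magic, and keyid_delete later passes that NULL to isc_mem_free. Check the result and unwind: `if (ki->keyid == NULL) { isc_mem_put(mem, ki, sizeof *ki); return (ISC_R_NOMEMORY); }`. Setting `ki->magic` only after the allocations succeed would also keep a half-built object from passing DNS_C_KEYID_VALID. The end of the function is outside the hunk.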
@@ -79,6 +79,11 @@ struct confssu_s { struct confrdtype_s rdatatypes; }; +struct keydetails_s { + char *algorithm; + char *secret; +}; + /* All these statics are protected by the above yacc_mutex */ static dns_c_ctx_t *currcfg; @@ -127,6 +132,7 @@ static isc_boolean_t int_too_big(isc_uint32_t base, isc_uint32_t mult); struct in6_addr ip6_addr; isc_sockaddr_t ipaddress; + struct keydetails_s keydetails; struct confssu_s ssu; struct confrdtype_s rdatatypelist; dns_rdatatype_t rdatatype; @@ -339,7 +345,8 @@ static isc_boolean_t int_too_big(isc_uint32_t base, isc_uint32_t mult); %type class_name %type wild_class_name %type optional_class -%type check_names_opt; +%type check_names_opt +%type key_definition %type grant_stmt %type algorithm_id %type any_string @@ -2445,8 +2452,16 @@ address_match_element: address_match_simple | L_SEC_KEY L_STRING { dns_c_ipmatchelement_t *ime = NULL; + dns_c_view_t *view = dns_c_ctx_getcurrview(currcfg); + isc_boolean_t isdefined; + + if (view != NULL) { + isdefined = dns_c_view_keydefinedp(view, $2); + } else { + isdefined = dns_c_ctx_keydefinedp(currcfg, $2); + } - if (!dns_c_ctx_keydefinedp(currcfg, $2)) { + if (!isdefined) { parser_error(ISC_FALSE, "address match key element (%s) " "referenced before defined", $2); 
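Review bot: In the `L_SEC_KEY L_STRING` action, when a view is current only `dns_c_view_keydefinedp(view, $2)` is consulted, so a key declared at top level cannot be named in an address match list inside a view and is reported as "referenced before defined". If view keys are meant to add to the global ones rather than replace them, fall back to the context: `isdefined = dns_c_view_keydefinedp(view, $2) || dns_c_ctx_keydefinedp(currcfg, $2);`. If strict per-view scoping is intended, a comment saying so belongs here, because this check decides which keys an ACL inside a view may reference. The action continues past the end of the hunk.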
@@ -2677,62 +2692,90 @@ address_name: any_string */ -key_stmt: L_SEC_KEY any_string +key_stmt: L_SEC_KEY any_string L_LBRACE key_definition L_RBRACE { dns_c_kdef_t *keydef; + dns_c_view_t *view = dns_c_ctx_getcurrview(currcfg); + dns_c_kdeflist_t *list = NULL; - if (currcfg->keydefs == NULL) { + if (view == NULL) { + tmpres = dns_c_ctx_getkdeflist(currcfg, &list); + } else { + tmpres = dns_c_view_getkeydefs(view, &list); + } + + if (tmpres == ISC_R_NOTFOUND) { tmpres = dns_c_kdeflist_new(currcfg->mem, - &currcfg->keydefs); + &list); if (tmpres != ISC_R_SUCCESS) { parser_error(ISC_FALSE, "failed to create keylist"); + isc_mem_free(memctx, $2); + isc_mem_free(memctx, $4.algorithm); + isc_mem_free(memctx, $4.secret); + + YYABORT; + } + + if (view == NULL) { + tmpres = dns_c_ctx_setkdeflist(currcfg, + list, + ISC_FALSE); + } else { + tmpres = dns_c_view_setkeydefs(view, list); + } + + if (tmpres != ISC_R_SUCCESS) { + parser_error(ISC_FALSE, + "failed to set keylist"); + dns_c_kdeflist_delete(&list); + isc_mem_free(memctx, $2); + isc_mem_free(memctx, $4.algorithm); + isc_mem_free(memctx, $4.secret); + YYABORT; } } - tmpres = dns_c_kdef_new(currcfg->keydefs, - $2, &keydef); + tmpres = dns_c_kdef_new(currcfg->mem, $2, &keydef); if (tmpres != ISC_R_SUCCESS) { - parser_error(ISC_FALSE, - "failed to create key definition"); + parser_error(ISC_FALSE, "failed to create key"); + isc_mem_free(memctx, $2); + isc_mem_free(memctx, $4.algorithm); + isc_mem_free(memctx, $4.secret); YYABORT; } + tmpres = dns_c_kdef_setalgorithm(keydef, $4.algorithm); + if (tmpres == ISC_R_SUCCESS) { + tmpres = dns_c_kdef_setsecret(keydef, $4.secret); + } + + if (tmpres != ISC_R_SUCCESS) { + parser_error(ISC_FALSE, + "failed to set key details."); + isc_mem_free(memctx, $2); + isc_mem_free(memctx, $4.algorithm); + isc_mem_free(memctx, $4.secret); + } + + dns_c_kdeflist_append(list, keydef, ISC_FALSE); + isc_mem_free(memctx, $2); + isc_mem_free(memctx, $4.algorithm); + isc_mem_free(memctx, $4.secret); } 
- L_LBRACE key_definition L_RBRACE ; key_definition: algorithm_id secret { - dns_c_kdef_t *keydef; - - INSIST(currcfg->keydefs != NULL); - - keydef = ISC_LIST_TAIL(currcfg->keydefs->keydefs); - INSIST(keydef != NULL); - - dns_c_kdef_setalgorithm(keydef, $1); - dns_c_kdef_setsecret(keydef, $2); - - isc_mem_free(memctx, $1); - isc_mem_free(memctx, $2); + $$.algorithm = $1; + $$.secret = $2; } | secret algorithm_id { - dns_c_kdef_t *keydef; - - INSIST(currcfg->keydefs != NULL); - - keydef = ISC_LIST_TAIL(currcfg->keydefs->keydefs); - INSIST(keydef != NULL); - - dns_c_kdef_setsecret(keydef, $1); - dns_c_kdef_setalgorithm(keydef, $2); - - isc_mem_free(memctx, $1); - isc_mem_free(memctx, $2); + $$.algorithm = $2; + $$.secret = $1; } ; @@ -3274,6 +3317,7 @@ view_option: L_FORWARD zone_forward_opt YYABORT; } } + | key_stmt | zone_stmt ; diff --git a/lib/dns/config/confview.c b/lib/dns/config/confview.c index 4ece4c59e2..64b78cbc04 100644 --- a/lib/dns/config/confview.c +++ b/lib/dns/config/confview.c @@ -15,7 +15,7 @@ * SOFTWARE. */ -/* $Id: confview.c,v 1.19 2000/04/06 10:35:26 brister Exp $ */ +/* $Id: confview.c,v 1.20 2000/04/07 13:35:06 brister Exp $ */ #include @@ -503,6 +503,7 @@ dns_c_view_new(isc_mem_t *mem, const char *name, dns_rdataclass_t viewclass, view->max_ncache_ttl = NULL; view->transfer_format = NULL; + view->keydefs = NULL; #if 0 view->max_transfer_time_in = NULL; @@ -671,6 +672,11 @@ dns_c_view_print(FILE *fp, int indent, dns_c_view_t *view) } + if (view->keydefs != NULL) { + dns_c_kdeflist_print(fp, indent + 1, view->keydefs); + } + + #if 0 PRINT_INT32(max_transfer_time_in, "max-transfer-time-in"); PRINT_INT32(max_transfer_idle_in, "max-transfer-idle-in"); @@ -771,6 +777,8 @@ dns_c_view_delete(dns_c_view_t **viewptr) FREEFIELD(transfer_format); + dns_c_view_unsetkeydefs(view); + #if 0 FREEFIELD(max_transfer_time_in); FREEFIELD(max_transfer_idle_in); 
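Review bot: The "failed to set key details." branch in key_stmt frees `$2`, `$4.algorithm` and `$4.secret` and then falls through, so the key is appended to the list with a missing algorithm or secret and the same three strings are freed a second time at the end of the action. End that branch with `dns_c_kdef_delete(&keydef);` and `YYABORT;`, as the other error branches do. Separately, the list and the key are allocated from `currcfg->mem` while the strings are released through `memctx`; if those two contexts can differ, that should be confirmed.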
@@ -785,7 +793,28 @@ dns_c_view_delete(dns_c_view_t **viewptr) return (ISC_R_SUCCESS); } + +isc_boolean_t +dns_c_view_keydefinedp(dns_c_view_t *view, const char *keyname) +{ + dns_c_kdef_t *keyid; + isc_result_t res; + isc_boolean_t rval = ISC_FALSE; + + REQUIRE(DNS_C_VIEW_VALID(view)); + REQUIRE(keyname != NULL); + REQUIRE(*keyname != '\0'); + if (view->keydefs != NULL) { + res = dns_c_kdeflist_find(view->keydefs, keyname, &keyid); + if (res == ISC_R_SUCCESS) { + rval = ISC_TRUE; + } + } + + return rval; +} + isc_result_t dns_c_view_getname(dns_c_view_t *view, const char **retval) { @@ -1125,7 +1154,54 @@ dns_c_view_unsetchecknames(dns_c_view_t *view, } - +isc_result_t +dns_c_view_getkeydefs(dns_c_view_t *view, dns_c_kdeflist_t **retval) +{ + REQUIRE(DNS_C_VIEW_VALID(view)); + REQUIRE(retval != NULL); + + *retval = view->keydefs; + + if (view->keydefs == NULL) { + return (ISC_R_NOTFOUND); + } else { + return (ISC_R_SUCCESS); + } +} + + +isc_result_t +dns_c_view_setkeydefs(dns_c_view_t *view, dns_c_kdeflist_t *newval) +{ + REQUIRE(DNS_C_VIEW_VALID(view)); + REQUIRE(DNS_C_KDEFLIST_VALID(newval)); + + if (view->keydefs != NULL) { + dns_c_view_unsetkeydefs(view); + } + + view->keydefs = newval; + + return (ISC_R_SUCCESS); +} + + +isc_result_t +dns_c_view_unsetkeydefs(dns_c_view_t *view) +{ + REQUIRE(DNS_C_VIEW_VALID(view)); + + if (view->keydefs != NULL) { + dns_c_kdeflist_delete(&view->keydefs); + view->keydefs = NULL; + return (ISC_R_SUCCESS); + } else { + return (ISC_R_NOTFOUND); + } +} + + + GETIPMLIST(allowquery, allowquery) SETIPMLIST(allowquery, allowquery) UNSETIPMLIST(allowquery, allowquery) diff --git a/lib/dns/include/dns/confkeys.h b/lib/dns/include/dns/confkeys.h index 39d9e1d38c..8303397e8b 100644 --- a/lib/dns/include/dns/confkeys.h +++ b/lib/dns/include/dns/confkeys.h @@ -143,7 +143,7 @@ struct dns_c_pklist struct dns_c_kdef { isc_uint32_t magic; - dns_c_kdeflist_t *mylist; + isc_mem_t *mem; char *keyid; char *algorithm; 
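Review bot: dns_c_view_setkeydefs stores `newval` without copying and dns_c_view_unsetkeydefs later runs `dns_c_kdeflist_delete(&view->keydefs)`, so the view takes ownership of the list, yet nothing documents that and a call with the list the view already holds would delete it and then store the dangling pointer. Guard the replacement with `if (view->keydefs != NULL && view->keydefs != newval)` and add a comment such as `/* The view takes ownership of newval; the caller must not delete it after a successful call. */`. As a style point, dns_c_view_keydefinedp ends with `return rval;` where the rest of the file writes `return (rval);`.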
@@ -167,7 +167,7 @@ struct dns_c_kdef_list struct dns_c_kid { isc_uint32_t magic; - dns_c_kidlist_t *mylist; + isc_mem_t *mem; char *keyid; ISC_LINK(dns_c_kid_t) next; @@ -230,11 +230,16 @@ isc_result_t dns_c_kidlist_undef(dns_c_kidlist_t *list, isc_result_t dns_c_kidlist_find(dns_c_kidlist_t *list, const char *keyid, dns_c_kid_t **retval); +void dns_c_kidlist_append(dns_c_kidlist_t *list, + dns_c_kid_t *keyid); void dns_c_kidlist_print(FILE *fp, int indent, dns_c_kidlist_t *list); -isc_result_t dns_c_kid_new(dns_c_kidlist_t *list, const char *name, +isc_result_t dns_c_kid_new(isc_mem_t *mem, const char *name, dns_c_kid_t **keyid); + + + isc_result_t dns_c_kdeflist_new(isc_mem_t *mem, dns_c_kdeflist_t **list); isc_result_t dns_c_kdeflist_delete(dns_c_kdeflist_t **list); @@ -252,7 +257,7 @@ isc_result_t dns_c_kdeflist_find(dns_c_kdeflist_t *list, void dns_c_kdeflist_print(FILE *fp, int indent, dns_c_kdeflist_t *list); -isc_result_t dns_c_kdef_new(dns_c_kdeflist_t *list, const char *name, +isc_result_t dns_c_kdef_new(isc_mem_t *mem, const char *name, dns_c_kdef_t **keyid); isc_result_t dns_c_kdef_delete(dns_c_kdef_t **keydef); isc_result_t dns_c_kdef_copy(isc_mem_t *mem, diff --git a/lib/dns/include/dns/confview.h b/lib/dns/include/dns/confview.h index 54d6130f74..f5306fb933 100644 --- a/lib/dns/include/dns/confview.h +++ b/lib/dns/include/dns/confview.h @@ -148,6 +148,8 @@ struct dns_c_view dns_transfer_format_t *transfer_format; + dns_c_kdeflist_t *keydefs; + #if 0 /* * To implement later. @@ -187,6 +189,14 @@ isc_result_t dns_c_viewtable_checkviews(dns_c_viewtable_t *viewtable); +/* NOTE: For the various get* functions. The caller must not delete the + * refutned value. + * + * - For functions where retval is a dns_c_ipmatchlist_t + * (e.g. dns_c_view_getallowquery) the caller must call + * dns_c_ipmatcglist_detach() when finished with retval). + * + */ isc_result_t dns_c_view_new(isc_mem_t *mem, const char *name, dns_rdataclass_t viewclass, 
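Review bot: The comment added above dns_c_view_new in confview.h misspells "returned" as `refutned` and names `dns_c_ipmatcglist_detach()`, presumably meaning `dns_c_ipmatchlist_detach()`; since the comment tells callers which function releases the list, the name should be exact. It also carries an unmatched closing parenthesis after "finished with retval".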
@@ -194,6 +204,9 @@ isc_result_t dns_c_view_new(isc_mem_t *mem, const char *name, isc_result_t dns_c_view_delete(dns_c_view_t **viewptr); void dns_c_view_print(FILE *fp, int indent, dns_c_view_t *view); +isc_boolean_t dns_c_view_keydefinedp(dns_c_view_t *view, + const char *keyname); + isc_result_t dns_c_view_getname(dns_c_view_t *view, const char **retval); 
@@ -223,50 +236,49 @@ isc_result_t dns_c_view_getforwarders(dns_c_view_t *view, isc_result_t dns_c_view_getallowquery(dns_c_view_t *view, - dns_c_ipmatchlist_t **rval); + dns_c_ipmatchlist_t **retval); isc_result_t dns_c_view_setallowquery(dns_c_view_t *view, dns_c_ipmatchlist_t *newval); isc_result_t dns_c_view_unsetallowquery(dns_c_view_t *view); - isc_result_t dns_c_view_getallowupdateforwarding(dns_c_view_t *view, - dns_c_ipmatchlist_t **rval); + dns_c_ipmatchlist_t **retval); isc_result_t dns_c_view_setallowupdateforwarding(dns_c_view_t *view, dns_c_ipmatchlist_t *newval); isc_result_t dns_c_view_unsetallowupdateforwarding(dns_c_view_t *view); isc_result_t dns_c_view_gettransferacl(dns_c_view_t *view, - dns_c_ipmatchlist_t **rval); + dns_c_ipmatchlist_t **retval); isc_result_t dns_c_view_settransferacl(dns_c_view_t *view, dns_c_ipmatchlist_t *newval); isc_result_t dns_c_view_unsettransferacl(dns_c_view_t *view); isc_result_t dns_c_view_getrecursionacl(dns_c_view_t *view, - dns_c_ipmatchlist_t **rval); + dns_c_ipmatchlist_t **retval); isc_result_t dns_c_view_setrecursionacl(dns_c_view_t *view, dns_c_ipmatchlist_t *newval); isc_result_t dns_c_view_unsetrecursionacl(dns_c_view_t *view); isc_result_t dns_c_view_getsortlist(dns_c_view_t *view, - dns_c_ipmatchlist_t **rval); + dns_c_ipmatchlist_t **retval); isc_result_t dns_c_view_setsortlist(dns_c_view_t *view, dns_c_ipmatchlist_t *newval); isc_result_t dns_c_view_unsetsortlist(dns_c_view_t *view); isc_result_t dns_c_view_gettopology(dns_c_view_t *view, - dns_c_ipmatchlist_t **rval); + dns_c_ipmatchlist_t **retval); isc_result_t dns_c_view_settopology(dns_c_view_t *view, dns_c_ipmatchlist_t *newval); isc_result_t dns_c_view_unsettopology(dns_c_view_t *view); isc_result_t dns_c_view_getmatchclients(dns_c_view_t *view, - dns_c_ipmatchlist_t **rval); + dns_c_ipmatchlist_t **retval); isc_result_t dns_c_view_setmatchclients(dns_c_view_t *view, dns_c_ipmatchlist_t *newval); isc_result_t 
dns_c_view_unsetmatchclients(dns_c_view_t *view); @@ -419,7 +431,12 @@ isc_result_t dns_c_view_gettransferformat(dns_c_view_t *view, isc_result_t dns_c_view_unsettransferformat(dns_c_view_t *cfg); - +/* Caller must not delete retval */ +isc_result_t dns_c_view_getkeydefs(dns_c_view_t *view, + dns_c_kdeflist_t **retval); +isc_result_t dns_c_view_setkeydefs(dns_c_view_t *view, + dns_c_kdeflist_t *newval); +isc_result_t dns_c_view_unsetkeydefs(dns_c_view_t *view);