mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-31 06:25:31 +00:00
Code Issues Releases Wiki Activity

2712. [func] New 'auto-dnssec' zone option allows zone signing

Browse Source 
to be fully automated in zones configured for
			dynamic DNS.  'auto-dnssec allow;' permits a zone
			to be signed by creating keys for it in the
			key-directory and using 'rndc sign <zone>'.
			'auto-dnssec maintain;' allows that too, plus it
			also keeps the zone's DNSSEC keys up to date
			according to their timing metadata. [RT #19943]
This commit is contained in:
Evan Hunt
2009-10-12 20:48:12 +00:00
parent 6a90baa0d5
commit 77b8f88f14
28 changed files with 1093 additions and 448 deletions
Download Patch File Download Diff File Expand all files Collapse all files

37
lib/dns/dst_api.c
View File

@@ -31,7 +31,7 @@
/*
* Principal Author: Brian Wellington
* $Id: dst_api.c,v 1.40 2009/10/12 09:03:06 marka Exp $
* $Id: dst_api.c,v 1.41 2009/10/12 20:48:12 each Exp $
*/
/*! \file */
@@ -930,6 +930,8 @@ pub_compare(const dst_key_t *key1, const dst_key_t *key2) {
return (ISC_FALSE);
/* Zero out flags. */
buf1[0] = buf1[1] = 0;
if ((key1->key_flags & DNS_KEYFLAG_EXTENDED) != 0)
isc_buffer_subtract(&b1, 2);
isc_buffer_init(&b2, buf2, sizeof(buf2));
result = dst_key_todns(key2, &b2);
@@ -937,6 +939,8 @@ pub_compare(const dst_key_t *key1, const dst_key_t *key2) {
return (ISC_FALSE);
/* Zero out flags. */
buf2[0] = buf2[1] = 0;
if ((key2->key_flags & DNS_KEYFLAG_EXTENDED) != 0)
isc_buffer_subtract(&b2, 2);
isc_buffer_usedregion(&b1, &r1);
/* Remove extended flags. */
@@ -1088,6 +1092,27 @@ dst_key_secretsize(const dst_key_t *key, unsigned int *n) {
return (ISC_R_SUCCESS);
}
/*%
* Set the flags on a key, then recompute the key ID
*/
isc_result_t
dst_key_setflags(dst_key_t *key, isc_uint32_t flags) {
REQUIRE(VALID_KEY(key));
key->key_flags = flags;
return (computeid(key));
}
void
dst_key_format(dst_key_t *key, char *cp, unsigned int size) {
char namestr[DNS_NAME_FORMATSIZE];
char algstr[DNS_NAME_FORMATSIZE];
dns_name_format(dst_key_name(key), namestr, sizeof(namestr));
dns_secalg_format((dns_secalg_t) dst_key_alg(key), algstr,
sizeof(algstr));
snprintf(cp, size, "%s/%s/%d", namestr, algstr, dst_key_id(key));
}
/***
*** Static methods
***/
@@ -1265,16 +1290,6 @@ dst_key_read_public(const char *filename, int type,
return (ret);
}
/*%
* Set the flags on a key, then recompute the key ID
*/
isc_result_t
dst_key_setflags(dst_key_t *key, isc_uint32_t flags) {
REQUIRE(VALID_KEY(key));
key->key_flags = flags;
return (computeid(key));
}
static isc_boolean_t
issymmetric(const dst_key_t *key) {
REQUIRE(dst_initialized == ISC_TRUE);