configuration failed when trusted-keys statement was missing
@@ -206,71 +206,75 @@ configure_view_dnsseckeys(dns_c_ctx_t *cctx,
|
|||||||
dns_keytable_t *keytable = NULL;
|
dns_keytable_t *keytable = NULL;
|
||||||
dst_key_t *dstkey = NULL;
|
dst_key_t *dstkey = NULL;
|
||||||
|
|
||||||
CHECK((*cget)(cctx, &ckeys));
|
|
||||||
|
|
||||||
CHECK(dns_keytable_create(mctx, &keytable));
|
CHECK(dns_keytable_create(mctx, &keytable));
|
||||||
|
|
||||||
for (ckey = ISC_LIST_HEAD(ckeys->tkeylist);
|
result = (*cget)(cctx, &ckeys);
|
||||||
ckey != NULL;
|
if (result == ISC_R_SUCCESS) {
|
||||||
ckey = ISC_LIST_NEXT(ckey, next))
|
for (ckey = ISC_LIST_HEAD(ckeys->tkeylist);
|
||||||
{
|
ckey != NULL;
|
||||||
dns_rdataclass_t viewclass;
|
ckey = ISC_LIST_NEXT(ckey, next))
|
||||||
dns_rdata_generic_key_t keystruct;
|
{
|
||||||
isc_int32_t flags, proto, alg;
|
dns_rdataclass_t viewclass;
|
||||||
unsigned char keydata[4096];
|
dns_rdata_generic_key_t keystruct;
|
||||||
isc_buffer_t keydatabuf;
|
isc_int32_t flags, proto, alg;
|
||||||
unsigned char rrdata[4096];
|
unsigned char keydata[4096];
|
||||||
isc_buffer_t rrdatabuf;
|
isc_buffer_t keydatabuf;
|
||||||
isc_region_t r;
|
unsigned char rrdata[4096];
|
||||||
|
isc_buffer_t rrdatabuf;
|
||||||
if (cview == NULL)
|
isc_region_t r;
|
||||||
viewclass = dns_rdataclass_in;
|
|
||||||
else
|
if (cview == NULL)
|
||||||
CHECK(dns_c_view_getviewclass(cview, &viewclass));
|
viewclass = dns_rdataclass_in;
|
||||||
keystruct.common.rdclass = viewclass;
|
else
|
||||||
keystruct.common.rdtype = dns_rdatatype_key;
|
CHECK(dns_c_view_getviewclass(cview,
|
||||||
/*
|
&viewclass));
|
||||||
* The key data in keystruct is not really
|
keystruct.common.rdclass = viewclass;
|
||||||
* dynamically allocated, but dns_rdata_fromstruct()
|
keystruct.common.rdtype = dns_rdatatype_key;
|
||||||
* requires that there is a valid mctx anyway.
|
/*
|
||||||
*/
|
* The key data in keystruct is not really
|
||||||
keystruct.mctx = mctx;
|
* dynamically allocated, but dns_rdata_fromstruct()
|
||||||
|
* requires that there is a valid mctx anyway.
|
||||||
ISC_LINK_INIT(&keystruct.common, link);
|
*/
|
||||||
|
keystruct.mctx = mctx;
|
||||||
flags = ckey->pubkey->flags;
|
|
||||||
proto = ckey->pubkey->protocol;
|
ISC_LINK_INIT(&keystruct.common, link);
|
||||||
alg = ckey->pubkey->algorithm;
|
|
||||||
if (flags < 0 || flags > 0xffff)
|
flags = ckey->pubkey->flags;
|
||||||
CHECKM(DNS_R_RANGE, "key flags");
|
proto = ckey->pubkey->protocol;
|
||||||
if (proto < 0 || proto > 0xff)
|
alg = ckey->pubkey->algorithm;
|
||||||
CHECKM(DNS_R_RANGE, "key protocol");
|
if (flags < 0 || flags > 0xffff)
|
||||||
if (alg < 0 || alg > 0xff)
|
CHECKM(DNS_R_RANGE, "key flags");
|
||||||
CHECKM(DNS_R_RANGE, "key algorithm");
|
if (proto < 0 || proto > 0xff)
|
||||||
keystruct.flags = flags;
|
CHECKM(DNS_R_RANGE, "key protocol");
|
||||||
keystruct.protocol = proto;
|
if (alg < 0 || alg > 0xff)
|
||||||
keystruct.algorithm = alg;
|
CHECKM(DNS_R_RANGE, "key algorithm");
|
||||||
|
keystruct.flags = flags;
|
||||||
isc_buffer_init(&keydatabuf, keydata, sizeof(keydata),
|
keystruct.protocol = proto;
|
||||||
ISC_BUFFERTYPE_BINARY);
|
keystruct.algorithm = alg;
|
||||||
isc_buffer_init(&rrdatabuf, rrdata, sizeof(rrdata),
|
|
||||||
ISC_BUFFERTYPE_BINARY);
|
isc_buffer_init(&keydatabuf, keydata, sizeof(keydata),
|
||||||
|
ISC_BUFFERTYPE_BINARY);
|
||||||
CHECK(base64_cstring_tobuffer(mctx, ckey->pubkey->key,
|
isc_buffer_init(&rrdatabuf, rrdata, sizeof(rrdata),
|
||||||
&keydatabuf));
|
ISC_BUFFERTYPE_BINARY);
|
||||||
isc_buffer_used(&keydatabuf, &r);
|
|
||||||
keystruct.datalen = r.length;
|
CHECK(base64_cstring_tobuffer(mctx, ckey->pubkey->key,
|
||||||
keystruct.data = r.base;
|
&keydatabuf));
|
||||||
|
isc_buffer_used(&keydatabuf, &r);
|
||||||
CHECK(dns_rdata_fromstruct(NULL, keystruct.common.rdclass,
|
keystruct.datalen = r.length;
|
||||||
keystruct.common.rdtype,
|
keystruct.data = r.base;
|
||||||
&keystruct, &rrdatabuf));
|
|
||||||
CHECK(dst_key_fromdns(ckey->domain, &rrdatabuf, mctx, &dstkey));
|
CHECK(dns_rdata_fromstruct(NULL, keystruct.common.rdclass,
|
||||||
|
keystruct.common.rdtype,
|
||||||
CHECK(dns_keytable_add(keytable, &dstkey));
|
&keystruct, &rrdatabuf));
|
||||||
INSIST(dstkey == NULL);
|
CHECK(dst_key_fromdns(ckey->domain, &rrdatabuf, mctx,
|
||||||
}
|
&dstkey));
|
||||||
|
|
||||||
|
CHECK(dns_keytable_add(keytable, &dstkey));
|
||||||
|
INSIST(dstkey == NULL);
|
||||||
|
}
|
||||||
|
} else if (result != ISC_R_NOTFOUND)
|
||||||
|
goto cleanup;
|
||||||
|
|
||||||
dns_keytable_detach(target);
|
dns_keytable_detach(target);
|
||||||
*target = keytable; /* Transfer ownership. */
|
*target = keytable; /* Transfer ownership. */
|
||||||
keytable = NULL;
|
keytable = NULL;
|
||||||
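Review bot: The new `} else if (result != ISC_R_NOTFOUND) goto cleanup;` branch is unbraced and carries no comment, so the deliberate outcome of the ISC_R_NOTFOUND case — the view's existing keytable is still detached and replaced by the freshly created, empty one a few lines below — is invisible to a reader. I would brace it and state the intent, e.g. `} else if (result != ISC_R_NOTFOUND) {` / `goto cleanup;` / `}` with `/* No trusted-keys statement: install an empty keytable instead of failing configuration. */` above the `if`. Since an empty keytable presumably leaves the view without trust anchors, it is worth confirming that callers expect that rather than keeping a previously configured table. The enclosing configure_view_dnsseckeys() and its cleanup label lie outside the hunk, so I have assumed cleanup detaches keytable when it is still non-NULL on the error path.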
|