further dns_tsigkey API tweaks

- remove the 'ring' parameter from dns_tsigkey_createfromkey(), and use dns_tsigkeyring_add() to add key objects to a keyring instead. - add a magic number to dns_tsigkeyring_t - change dns_tsigkeyring_dumpanddetach() to dns_tsigkeyring_dump(); we now call dns_tsigkeyring_detach() separately. - remove 'maxgenerated' from dns_tsigkeyring_t since it never changes.
2025-08-31 06:25:31 +00:00 · 2023-04-11 16:10:07 -07:00
parent 404a13b4dd
commit a6e187a8d5
6 changed files with 98 additions and 116 deletions
--- a/lib/dns/tkey.c
+++ b/lib/dns/tkey.c
@@ -265,7 +265,8 @@ process_gsstkey(dns_message_t *msg, dns_name_t *name, dns_rdata_tkey_t *tkeyin,
 #endif /* HAVE_GSSAPI */
 		RETERR(dns_tsigkey_createfromkey(
 			name, &tkeyin->algorithm, dstkey, true, false,
-			principal, now, expire, ring->mctx, ring, &tsigkey));
+			principal, now, expire, ring->mctx, &tsigkey));
+		RETERR(dns_tsigkeyring_add(ring, name, tsigkey));
 		dst_key_free(&dstkey);
 		tkeyout->inception = now;
 		tkeyout->expire = expire;
@@ -732,13 +733,14 @@ dns_tkey_gssnegotiate(dns_message_t *qmsg, dns_message_t *rmsg,
 		      dns_tsigkey_t **outkey, dns_tsigkeyring_t *ring,
 		      char **err_message) {
 	dns_rdata_t rtkeyrdata = DNS_RDATA_INIT, qtkeyrdata = DNS_RDATA_INIT;
-	dns_name_t *tkeyname;
+	dns_name_t *tkeyname = NULL;
 	dns_rdata_tkey_t rtkey, qtkey, tkey;
 	isc_buffer_t intoken, outtoken;
 	dst_key_t *dstkey = NULL;
 	isc_result_t result;
 	unsigned char array[TEMP_BUFFER_SZ];
 	bool freertkey = false;
+	dns_tsigkey_t *tsigkey = NULL;

 	REQUIRE(qmsg != NULL);
 	REQUIRE(rmsg != NULL);
@@ -814,9 +816,16 @@ dns_tkey_gssnegotiate(dns_message_t *qmsg, dns_message_t *rmsg,
 	 * anything yet.
 	 */

-	RETERR(dns_tsigkey_createfromkey(
-		tkeyname, DNS_TSIG_GSSAPI_NAME, dstkey, true, false, NULL,
-		rtkey.inception, rtkey.expire, ring->mctx, ring, outkey));
+	RETERR(dns_tsigkey_createfromkey(tkeyname, DNS_TSIG_GSSAPI_NAME, dstkey,
+					 true, false, NULL, rtkey.inception,
+					 rtkey.expire, ring->mctx, &tsigkey));
+	RETERR(dns_tsigkeyring_add(ring, tkeyname, tsigkey));
+	if (outkey == NULL) {
+		dns_tsigkey_detach(&tsigkey);
+	} else {
+		*outkey = tsigkey;
+	}
+
 	dst_key_free(&dstkey);
 	dns_rdata_freestruct(&rtkey);
 	return (result);
@@ -825,6 +834,9 @@ failure:
 	/*
 	 * XXXSRA This probably leaks memory from qtkey.
 	 */
+	if (tsigkey != NULL) {
+		dns_tsigkey_detach(&tsigkey);
+	}
 	if (freertkey) {
 		dns_rdata_freestruct(&rtkey);
 	}