tls and http configuration code was unnecessarily complex

removed the isc_cfg_http_t and isc_cfg_tls_t structures and the functions that loaded and accessed them; this can be done using normal config parser functions.
2025-08-30 05:57:52 +00:00 · 2021-02-02 22:05:00 -08:00 · 2021-02-02 22:05:00 -08:00 · aa9d51c494
commit aa9d51c494
parent 1cc24a2c8b
7 changed files with 114 additions and 637 deletions
--- a/bin/named/server.c
+++ b/bin/named/server.c
@ -101,10 +101,8 @@
 #include <dst/result.h>
 #include <isccfg/grammar.h>
 #include <isccfg/httpconf.h>
 #include <isccfg/kaspconf.h>
 #include <isccfg/namedconf.h>
 #include <isccfg/tlsconf.h>
 #include <ns/client.h>
 #include <ns/hooks.h>
@ -400,23 +398,18 @@ static void
 named_server_reload(isc_task_t *task, isc_event_t *event);
 static isc_result_t
-ns_listenelt_from_http(isc_cfg_http_obj_t *http, isc_cfg_tls_obj_t *tls,
+listenelt_http(const cfg_obj_t *http, const char *key, const char *cert,
-		       in_port_t port, isc_mem_t *mctx,
+	       in_port_t port, isc_mem_t *mctx, ns_listenelt_t **target);
 		       ns_listenelt_t **target);
 static isc_result_t
-ns_listenelt_fromconfig(const cfg_obj_t *listener, const cfg_obj_t *config,
+listenelt_fromconfig(const cfg_obj_t *listener, const cfg_obj_t *config,
-			cfg_aclconfctx_t *actx, isc_mem_t *mctx,
+		     cfg_aclconfctx_t *actx, isc_mem_t *mctx, uint16_t family,
-			uint16_t family, isc_cfg_http_storage_t *http_servers,
+		     ns_listenelt_t **target);
 			isc_cfg_tls_data_storage_t *tls_storage,
 			ns_listenelt_t **target);
 static isc_result_t
-ns_listenlist_fromconfig(const cfg_obj_t *listenlist, const cfg_obj_t *config,
+listenlist_fromconfig(const cfg_obj_t *listenlist, const cfg_obj_t *config,
-			 cfg_aclconfctx_t *actx, isc_mem_t *mctx,
+		      cfg_aclconfctx_t *actx, isc_mem_t *mctx, uint16_t family,
-			 uint16_t family, isc_cfg_http_storage_t *http_servers,
+		      ns_listenlist_t **target);
 			 isc_cfg_tls_data_storage_t *tls_storage,
 			 ns_listenlist_t **target);
 static isc_result_t
 configure_forward(const cfg_obj_t *config, dns_view_t *view,
@ -8517,8 +8510,6 @@ load_configuration(const char *filename, named_server_t *server,
 	unsigned int initial, idle, keepalive, advertised;
 	dns_aclenv_t *env =
 		ns_interfacemgr_getaclenv(named_g_server->interfacemgr);
 	isc_cfg_tls_data_storage_t tls_storage;
 	isc_cfg_http_storage_t http_storage;
 	ISC_LIST_INIT(kasplist);
 	ISC_LIST_INIT(viewlist);
@ -8526,9 +8517,6 @@ load_configuration(const char *filename, named_server_t *server,
 	ISC_LIST_INIT(cachelist);
 	ISC_LIST_INIT(altsecrets);
 	cfg_tls_storage_init(named_g_mctx, &tls_storage);
 	cfg_http_storage_init(named_g_mctx, &http_storage);
 	/* Create the ACL configuration context */
 	if (named_g_aclconfctx != NULL) {
 		cfg_aclconfctx_detach(&named_g_aclconfctx);
@ -8600,9 +8588,6 @@ load_configuration(const char *filename, named_server_t *server,
 	INSIST(result == ISC_R_SUCCESS);
 	named_g_httpsport = (in_port_t)cfg_obj_asuint32(obj);
 	CHECK(cfg_tls_storage_load(config, &tls_storage));
 	CHECK(cfg_http_storage_load(config, &http_storage));
 	/*
 	 * If bind.keys exists, load it.  If "dnssec-validation auto"
 	 * is turned on, the root key found there will be used as a
@ -9019,10 +9004,9 @@ load_configuration(const char *filename, named_server_t *server,
 		}
 		if (clistenon != NULL) {
 			/* check return code? */
-			(void)ns_listenlist_fromconfig(
+			(void)listenlist_fromconfig(
 				clistenon, config, named_g_aclconfctx,
-				named_g_mctx, AF_INET, &http_storage,
+				named_g_mctx, AF_INET, &listenon);
 				&tls_storage, &listenon);
 		} else {
 			/*
 			 * Not specified, use default.
@ -9048,10 +9032,9 @@ load_configuration(const char *filename, named_server_t *server,
 		}
 		if (clistenon != NULL) {
 			/* check return code? */
-			(void)ns_listenlist_fromconfig(
+			(void)listenlist_fromconfig(
 				clistenon, config, named_g_aclconfctx,
-				named_g_mctx, AF_INET6, &http_storage,
+				named_g_mctx, AF_INET6, &listenon);
 				&tls_storage, &listenon);
 		} else {
 			/*
 			 * Not specified, use default.
@ -9812,9 +9795,6 @@ cleanup:
 		isc_task_endexclusive(server->task);
 	}
 	cfg_http_storage_uninit(&http_storage);
 	cfg_tls_storage_uninit(&tls_storage);
 	isc_log_write(named_g_lctx, NAMED_LOGCATEGORY_GENERAL,
 		      NAMED_LOGMODULE_SERVER, ISC_LOG_DEBUG(1),
 		      "load_configuration: %s", isc_result_totext(result));
@ -11020,11 +11000,9 @@ named_server_togglequerylog(named_server_t *server, isc_lex_t *lex) {
 }
 static isc_result_t
-ns_listenlist_fromconfig(const cfg_obj_t *listenlist, const cfg_obj_t *config,
+listenlist_fromconfig(const cfg_obj_t *listenlist, const cfg_obj_t *config,
-			 cfg_aclconfctx_t *actx, isc_mem_t *mctx,
+		      cfg_aclconfctx_t *actx, isc_mem_t *mctx, uint16_t family,
-			 uint16_t family, isc_cfg_http_storage_t *http_servers,
+		      ns_listenlist_t **target) {
 			 isc_cfg_tls_data_storage_t *tls_storage,
 			 ns_listenlist_t **target) {
 	isc_result_t result;
 	const cfg_listelt_t *element;
 	ns_listenlist_t *dlist = NULL;
@ -11041,9 +11019,8 @@ ns_listenlist_fromconfig(const cfg_obj_t *listenlist, const cfg_obj_t *config,
 	{
 		ns_listenelt_t *delt = NULL;
 		const cfg_obj_t *listener = cfg_listelt_value(element);
-		result = ns_listenelt_fromconfig(listener, config, actx, mctx,
+		result = listenelt_fromconfig(listener, config, actx, mctx,
-						 family, http_servers,
+					      family, &delt);
 						 tls_storage, &delt);
 		if (result != ISC_R_SUCCESS) {
 			goto cleanup;
 		}
@ -11057,67 +11034,98 @@ cleanup:
 	return (result);
 }
 static const cfg_obj_t *
 find_maplist(const cfg_obj_t *config, const char *listname, const char *name) {
 	isc_result_t result;
 	const cfg_obj_t *maplist = NULL;
 	const cfg_listelt_t *elt = NULL;
 	REQUIRE(config != NULL);
 	REQUIRE(name != NULL);
 	result = cfg_map_get(config, listname, &maplist);
 	if (result != ISC_R_SUCCESS) {
 		return (NULL);
 	}
 	for (elt = cfg_list_first(maplist); elt != NULL;
 	     elt = cfg_list_next(elt)) {
 		const cfg_obj_t *map = cfg_listelt_value(elt);
 		if (strcasecmp(cfg_obj_asstring(cfg_map_getname(map)), name) ==
 		    0) {
 			return (map);
 		}
 	}
 	return (NULL);
 }
 /*
 * Create a listen list from the corresponding configuration
 * data structure.
 */
 static isc_result_t
-ns_listenelt_fromconfig(const cfg_obj_t *listener, const cfg_obj_t *config,
+listenelt_fromconfig(const cfg_obj_t *listener, const cfg_obj_t *config,
-			cfg_aclconfctx_t *actx, isc_mem_t *mctx,
+		     cfg_aclconfctx_t *actx, isc_mem_t *mctx, uint16_t family,
-			uint16_t family, isc_cfg_http_storage_t *http_servers,
+		     ns_listenelt_t **target) {
 			isc_cfg_tls_data_storage_t *tls_storage,
 			ns_listenelt_t **target) {
 	isc_result_t result;
-	const cfg_obj_t *tlsobj, *portobj, *dscpobj, *httpobj;
+	const cfg_obj_t *tlsobj = NULL, *httpobj = NULL;
 	const cfg_obj_t *portobj = NULL, *dscpobj = NULL;
 	const cfg_obj_t *http_server = NULL;
 	in_port_t port = 0;
 	isc_dscp_t dscp = -1;
 	const char *key = NULL, *cert = NULL;
-	bool tls = false, http = false;
+	bool do_tls = false, http = false;
 	ns_listenelt_t *delt = NULL;
-	isc_cfg_http_obj_t *http_server = NULL;
+
 	isc_cfg_tls_obj_t *tls_cert = NULL;
 	REQUIRE(target != NULL && *target == NULL);
 	/* XXXWPK TODO be more verbose on failures. */
 	tlsobj = cfg_tuple_get(listener, "tls");
 	if (tlsobj != NULL && cfg_obj_isstring(tlsobj)) {
-		if (!strcmp(cfg_obj_asstring(tlsobj), "ephemeral")) {
+		const char *tlsname = cfg_obj_asstring(tlsobj);
-			tls = true;
+
-		} else {
+		if (strcmp(tlsname, "ephemeral") != 0) {
-			tls_cert = cfg_tls_storage_find(
+			const cfg_obj_t *keyobj = NULL, *certobj = NULL;
-				cfg_obj_asstring(tlsobj), tls_storage);
+			const cfg_obj_t *tlsmap = NULL;
-			if (tls_cert != NULL) {
+
-				tls = true;
+			tlsmap = find_maplist(config, "tls", tlsname);
-				key = tls_cert->key_file;
+			if (tlsmap == NULL) {
-				cert = tls_cert->cert_file;
+				return (ISC_R_FAILURE);
 				INSIST(key != NULL);
 				INSIST(cert != NULL);
 			}
 			CHECK(cfg_map_get(tlsmap, "key-file", &keyobj));
 			key = cfg_obj_asstring(keyobj);
 			CHECK(cfg_map_get(tlsmap, "cert-file", &certobj));
 			cert = cfg_obj_asstring(certobj);
 		}
-		if (!tls) {
+
-			return (ISC_R_FAILURE);
+		do_tls = true;
 		}
 	}
 	httpobj = cfg_tuple_get(listener, "http");
 	if (httpobj != NULL && cfg_obj_isstring(httpobj)) {
-		if (tls && tls_cert == NULL) {
+		const char *httpname = cfg_obj_asstring(httpobj);
 		if (do_tls && key == NULL) {
 			return (ISC_R_FAILURE);
 		}
-		http = true;
+
-		http_server = cfg_http_find(cfg_obj_asstring(httpobj),
+		http_server = find_maplist(config, "http", httpname);
 					    http_servers);
 		if (http_server == NULL) {
-			isc_log_write(
+			cfg_obj_log(httpobj, named_g_lctx, ISC_LOG_ERROR,
-				named_g_lctx, NAMED_LOGCATEGORY_GENERAL,
+				    "http '%s' is not defined",
-				NAMED_LOGMODULE_SERVER, ISC_LOG_WARNING,
+				    cfg_obj_asstring(httpobj));
 				"HTTP(S) server \"%s\" is nowhere to be found",
 				cfg_obj_asstring(httpobj));
 			return (ISC_R_FAILURE);
 		}
 		http = true;
 	}
 	portobj = cfg_tuple_get(listener, "port");
 	if (!cfg_obj_isuint32(portobj)) {
-		if (http && tls) {
+		if (http && do_tls) {
 			if (named_g_httpsport != 0) {
 				port = named_g_httpsport;
 			} else {
@ -11127,7 +11135,7 @@ ns_listenelt_fromconfig(const cfg_obj_t *listener, const cfg_obj_t *config,
 					return (result);
 				}
 			}
-		} else if (http && !tls) {
+		} else if (http && !do_tls) {
 			if (named_g_httpport != 0) {
 				port = named_g_port;
 			} else {
@ -11137,7 +11145,7 @@ ns_listenelt_fromconfig(const cfg_obj_t *listener, const cfg_obj_t *config,
 					return (result);
 				}
 			}
-		} else if (tls) {
+		} else if (do_tls) {
 			if (named_g_tlsport != 0) {
 				port = named_g_tlsport;
 			} else {
@ -11162,6 +11170,7 @@ ns_listenelt_fromconfig(const cfg_obj_t *listener, const cfg_obj_t *config,
 		if (cfg_obj_asuint32(portobj) >= UINT16_MAX) {
 			cfg_obj_log(portobj, named_g_lctx, ISC_LOG_ERROR,
 				    "port value '%u' is out of range",
 				    cfg_obj_asuint32(portobj));
 			return (ISC_R_RANGE);
 		}
@ -11183,14 +11192,11 @@ ns_listenelt_fromconfig(const cfg_obj_t *listener, const cfg_obj_t *config,
 	if (http) {
 		INSIST(http_server != NULL);
-		result = ns_listenelt_from_http(http_server, tls_cert, port,
+		CHECK(listenelt_http(http_server, key, cert, port, mctx,
-						mctx, &delt);
+				     &delt));
 	} else {
-		result = ns_listenelt_create(mctx, port, dscp, NULL, tls, key,
+		CHECK(ns_listenelt_create(mctx, port, dscp, NULL, do_tls, key,
-					     cert, &delt);
+					  cert, &delt));
 	}
 	if (result != ISC_R_SUCCESS) {
 		return (result);
 	}
 	result = cfg_acl_fromconfig2(cfg_tuple_get(listener, "acl"), config,
@ -11201,65 +11207,56 @@ ns_listenelt_fromconfig(const cfg_obj_t *listener, const cfg_obj_t *config,
 		return (result);
 	}
 	*target = delt;
-	return (ISC_R_SUCCESS);
+
 cleanup:
 	return (result);
 }
 /*
 * Create a listen list for HTTP/HTTPS
 */
 static isc_result_t
-ns_listenelt_from_http(isc_cfg_http_obj_t *http, isc_cfg_tls_obj_t *tls,
+listenelt_http(const cfg_obj_t *http, const char *key, const char *cert,
-		       in_port_t port, isc_mem_t *mctx,
+	       in_port_t port, isc_mem_t *mctx, ns_listenelt_t **target) {
 		       ns_listenelt_t **target) {
 	isc_result_t result = ISC_R_SUCCESS;
 	ns_listenelt_t *delt = NULL;
-	const char *key = NULL, *cert = NULL;
+	char **endpoints = NULL;
-	char **http_endpoints = NULL;
+	const cfg_obj_t *eplist = NULL;
-	size_t http_endpoints_number;
+	const cfg_listelt_t *elt = NULL;
-	isc_cfg_http_endpoint_t *ep;
+	size_t len, i = 0;
 	size_t i = 0;
 	REQUIRE(target != NULL && *target == NULL);
-	if (tls) {
+	REQUIRE(target != NULL && *target == NULL);
-		INSIST(tls->key_file != NULL);
+	REQUIRE((key == NULL) == (cert == NULL));
 		INSIST(tls->cert_file != NULL);
 		key = tls->key_file;
 		cert = tls->cert_file;
 	}
 	if (port == 0) {
-		port = tls != NULL ? named_g_httpsport : named_g_httpport;
+		port = (key != NULL) ? named_g_httpsport : named_g_httpport;
 	}
-	for (ep = ISC_LIST_HEAD(http->endpoints), i = 0; ep != NULL;
+	CHECK(cfg_map_get(http, "endpoints", &eplist));
-	     ep = ISC_LIST_NEXT(ep, link), i++)
+	len = cfg_list_length(eplist, false);
-		;
+	endpoints = isc_mem_allocate(mctx, sizeof(endpoints[0]) * len);
-	INSIST(i > 0);
+	for (elt = cfg_list_first(eplist); elt != NULL;
-
+	     elt = cfg_list_next(elt)) {
-	http_endpoints_number = i;
+		const cfg_obj_t *ep = cfg_listelt_value(elt);
-	http_endpoints = isc_mem_allocate(mctx, sizeof(http_endpoints[0]) *
+		const char *path = cfg_obj_asstring(ep);
-							http_endpoints_number);
+		endpoints[i++] = isc_mem_strdup(mctx, path);
 	for (ep = ISC_LIST_HEAD(http->endpoints), i = 0; ep != NULL;
 	     ep = ISC_LIST_NEXT(ep, link), i++)
 	{
 		http_endpoints[i] = isc_mem_strdup(mctx, ep->path);
 	}
-	INSIST(i == http_endpoints_number);
+	INSIST(i == len);
 	result = ns_listenelt_create_http(mctx, port, named_g_dscp, NULL, key,
-					  cert, http_endpoints,
+					  cert, endpoints, len, &delt);
 					  http_endpoints_number, &delt);
 	if (result != ISC_R_SUCCESS) {
 		if (delt != NULL) {
 			ns_listenelt_destroy(delt);
 		}
-		return result;
+		return (result);
 	}
 	*target = delt;
 cleanup:
 	return (result);
 }
--- a/lib/isccfg/Makefile.am
+++ b/lib/isccfg/Makefile.am
@ -7,21 +7,17 @@ libisccfg_la_HEADERS =			\
 	include/isccfg/aclconf.h	\
 	include/isccfg/cfg.h		\
 	include/isccfg/grammar.h	\
 	include/isccfg/httpconf.h	\
 	include/isccfg/kaspconf.h	\
 	include/isccfg/log.h		\
-	include/isccfg/namedconf.h	\
+	include/isccfg/namedconf.h
 	include/isccfg/tlsconf.h
 libisccfg_la_SOURCES =			\
 	$(libisccfg_la_HEADERS)		\
 	aclconf.c			\
 	httpconf.c			\
 	dnsconf.c			\
 	kaspconf.c			\
 	log.c				\
 	namedconf.c			\
 	tlsconf.c			\
 	parser.c
 libisccfg_la_CPPFLAGS =			\
--- a/lib/isccfg/httpconf.c
+++ b/lib/isccfg/httpconf.c
@ -1,180 +0,0 @@
 /*
 * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
 *
 * This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, you can obtain one at https://mozilla.org/MPL/2.0/.
 *
 * See the COPYRIGHT file distributed with this work for additional
 * information regarding copyright ownership.
 */
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 #include <isc/util.h>
 #include <isccfg/grammar.h>
 #include <isccfg/httpconf.h>
 void
 cfg_http_storage_init(isc_mem_t *mctx, isc_cfg_http_storage_t *storage) {
 	REQUIRE(mctx != NULL);
 	REQUIRE(storage != NULL);
 	memset(storage, 0, sizeof(*storage));
 	isc_mem_attach(mctx, &storage->mctx);
 	ISC_LIST_INIT(storage->list);
 }
 void
 cfg_http_storage_uninit(isc_cfg_http_storage_t *storage) {
 	REQUIRE(storage != NULL);
 	cfg_http_storage_clear(storage);
 	isc_mem_detach(&storage->mctx);
 }
 void
 cfg_http_storage_clear(isc_cfg_http_storage_t *storage) {
 	isc_mem_t *mctx = NULL;
 	REQUIRE(storage != NULL);
 	mctx = storage->mctx;
 	if (!ISC_LIST_EMPTY(storage->list)) {
 		isc_cfg_http_obj_t *http = ISC_LIST_HEAD(storage->list);
 		while (http != NULL) {
 			isc_cfg_http_obj_t *next = ISC_LIST_NEXT(http, link);
 			ISC_LIST_DEQUEUE(storage->list, http, link);
 			storage->count--;
 			isc_mem_free(mctx, http->name);
 			if (!ISC_LIST_EMPTY(http->endpoints)) {
 				isc_cfg_http_endpoint_t *ep =
 					ISC_LIST_HEAD(http->endpoints);
 				while (ep != NULL) {
 					isc_cfg_http_endpoint_t *epnext =
 						ISC_LIST_NEXT(ep, link);
 					isc_mem_free(mctx, ep->path);
 					isc_mem_put(mctx, ep, sizeof(*ep));
 					ep = epnext;
 					http->count--;
 				}
 			}
 			isc_mem_put(mctx, http, sizeof(*http));
 			http = next;
 		}
 	}
 	INSIST(storage->count == 0);
 }
 isc_cfg_http_obj_t *
 cfg_http_find(const char *name, isc_cfg_http_storage_t *storage) {
 	isc_cfg_http_obj_t *http = NULL;
 	REQUIRE(name != NULL && *name != '\0');
 	REQUIRE(storage != NULL);
 	for (http = ISC_LIST_HEAD(storage->list); http != NULL;
 	     http = ISC_LIST_NEXT(http, link))
 	{
 		if (strcasecmp(name, http->name) == 0) {
 			break;
 		}
 	}
 	return (http);
 }
 static isc_result_t
 push_http_obj(const cfg_obj_t *map, isc_cfg_http_storage_t *storage) {
 	isc_mem_t *mctx = storage->mctx;
 	isc_cfg_http_obj_t *new;
 	const cfg_obj_t *endpoints = NULL;
 	const cfg_listelt_t *elt;
 	if (!cfg_obj_ismap(map) || map->value.map.id == NULL ||
 	    !cfg_obj_isstring(map->value.map.id))
 	{
 		return (ISC_R_FAILURE);
 	}
 	if (cfg_http_find(cfg_obj_asstring(map->value.map.id), storage) != NULL)
 	{
 		return (ISC_R_FAILURE);
 	}
 	if (cfg_map_get(map, "endpoints", &endpoints) != ISC_R_SUCCESS ||
 	    !cfg_obj_islist(endpoints))
 	{
 		return (ISC_R_FAILURE);
 	}
 	INSIST(endpoints != NULL);
 	new = isc_mem_get(mctx, sizeof(*new));
 	memset(new, 0, sizeof(*new));
 	ISC_LIST_INIT(new->endpoints);
 	new->name = isc_mem_strdup(mctx, cfg_obj_asstring(map->value.map.id));
 	for (elt = cfg_list_first(endpoints); elt != NULL;
 	     elt = cfg_list_next(elt)) {
 		isc_cfg_http_endpoint_t *newep = NULL;
 		const cfg_obj_t *endp = cfg_listelt_value(elt);
 		newep = isc_mem_get(mctx, sizeof(*newep));
 		ISC_LINK_INIT(newep, link);
 		newep->path = isc_mem_strdup(mctx, cfg_obj_asstring(endp));
 		ISC_LIST_PREPEND(new->endpoints, newep, link);
 		new->count++;
 	}
 	ISC_LINK_INIT(new, link);
 	ISC_LIST_PREPEND(storage->list, new, link);
 	storage->count++;
 	return (ISC_R_SUCCESS);
 }
 isc_result_t
 cfg_http_storage_load(const cfg_obj_t *cfg_ctx,
 		      isc_cfg_http_storage_t *storage) {
 	bool found = false;
 	isc_result_t result = ISC_R_SUCCESS;
 	const cfg_obj_t *http = NULL;
 	const cfg_listelt_t *elt;
 	const cfg_obj_t *map = NULL;
 	REQUIRE(cfg_ctx != NULL);
 	REQUIRE(storage != NULL);
 	cfg_http_storage_clear(storage);
 	result = cfg_map_get(cfg_ctx, "http", &http);
 	if (result != ISC_R_SUCCESS) {
 		/* No statements found, but it is fine. */
 		return (ISC_R_SUCCESS);
 	}
 	INSIST(http != NULL);
 	for (elt = cfg_list_first(http); elt != NULL; elt = cfg_list_next(elt))
 	{
 		map = cfg_listelt_value(elt);
 		INSIST(map != NULL);
 		found = true;
 		result = push_http_obj(map, storage);
 		if (result != ISC_R_SUCCESS) {
 			return (result);
 		}
 	}
 	if (found == true && storage->count == 0) {
 		return (ISC_R_FAILURE);
 	}
 	return (ISC_R_SUCCESS);
 }
--- a/lib/isccfg/include/isccfg/httpconf.h
+++ b/lib/isccfg/include/isccfg/httpconf.h
@ -1,69 +0,0 @@
 /*
 * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
 *
 * This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, you can obtain one at https://mozilla.org/MPL/2.0/.
 *
 * See the COPYRIGHT file distributed with this work for additional
 * information regarding copyright ownership.
 */
 #ifndef ISCCFG_HTTPCONF_H
 #define ISCCFG_HTTPCONF_H 1
 #include <inttypes.h>
 #include <isc/lang.h>
 #include <isc/list.h>
 #include <isc/mem.h>
 #include <isc/util.h>
 #include <dns/types.h>
 #include <isccfg/cfg.h>
 #include <isccfg/tlsconf.h>
 typedef struct isc_cfg_http_endpoint {
 	char *path;
 	LINK(struct isc_cfg_http_endpoint) link;
 } isc_cfg_http_endpoint_t;
 typedef struct isc_cfg_http_obj {
 	char *name;
 	LINK(struct isc_cfg_http_obj) link;
 	ISC_LIST(isc_cfg_http_endpoint_t) endpoints;
 	size_t count;
 } isc_cfg_http_obj_t;
 typedef struct isc_cfg_http_storage {
 	isc_mem_t *mctx;
 	ISC_LIST(isc_cfg_http_obj_t) list;
 	size_t count;
 } isc_cfg_http_storage_t;
 /***
 *** Functions
 ***/
 ISC_LANG_BEGINDECLS
 void
 cfg_http_storage_init(isc_mem_t *mctx, isc_cfg_http_storage_t *storage);
 void
 cfg_http_storage_uninit(isc_cfg_http_storage_t *storage);
 isc_result_t
 cfg_http_storage_load(const cfg_obj_t *	      cfg_ctx,
 		      isc_cfg_http_storage_t *storage);
 isc_cfg_http_obj_t *
 cfg_http_find(const char *name, isc_cfg_http_storage_t *storage);
 void
 cfg_http_storage_clear(isc_cfg_http_storage_t *storage);
 ISC_LANG_ENDDECLS
 #endif /* ISCCFG_HTTPCONF_H */
--- a/lib/isccfg/include/isccfg/tlsconf.h
+++ b/lib/isccfg/include/isccfg/tlsconf.h
@ -1,69 +0,0 @@
 /*
 * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
 *
 * This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, you can obtain one at https://mozilla.org/MPL/2.0/.
 *
 * See the COPYRIGHT file distributed with this work for additional
 * information regarding copyright ownership.
 */
 #ifndef ISCCFG_TLSCONF_H
 #define ISCCFG_TLSCONF_H 1
 #include <inttypes.h>
 #include <isc/lang.h>
 #include <isc/list.h>
 #include <isc/mem.h>
 #include <isc/util.h>
 #include <dns/types.h>
 #include <isccfg/cfg.h>
 typedef struct isc_cfg_tls_obj {
 	char *name;
 	char *key_file;
 	char *cert_file;
 	char *dh_param;
 	char *protocols;
 	char *ciphers;
 	LINK(struct isc_cfg_tls_obj) link;
 } isc_cfg_tls_obj_t;
 typedef struct isc_cfg_tls_data_storage {
 	isc_mem_t *mctx;
 	size_t	   count;
 	ISC_LIST(isc_cfg_tls_obj_t) list;
 } isc_cfg_tls_data_storage_t;
 /***
 *** Functions
 ***/
 ISC_LANG_BEGINDECLS
 void
 cfg_tls_storage_init(isc_mem_t *mctx, isc_cfg_tls_data_storage_t *storage);
 void
 cfg_tls_storage_uninit(isc_cfg_tls_data_storage_t *storage);
 isc_result_t
 cfg_tls_storage_load(const cfg_obj_t *		 cfg_ctx,
 		     isc_cfg_tls_data_storage_t *storage);
 isc_cfg_tls_obj_t *
 cfg_tls_storage_find(const char *name, isc_cfg_tls_data_storage_t *storage);
 /*
 * Looks for TLS key/certificate pair.
 */
 void
 cfg_tls_storage_clear(isc_cfg_tls_data_storage_t *storage);
 ISC_LANG_ENDDECLS
 #endif /* ISCCFG_TLSCONF_H */
--- a/lib/isccfg/tlsconf.c
+++ b/lib/isccfg/tlsconf.c
@ -1,194 +0,0 @@
 /*
 * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
 *
 * This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, you can obtain one at https://mozilla.org/MPL/2.0/.
 *
 * See the COPYRIGHT file distributed with this work for additional
 * information regarding copyright ownership.
 */
 #include <string.h>
 #include <isc/util.h>
 #include <isccfg/grammar.h>
 #include <isccfg/tlsconf.h>
 void
 cfg_tls_storage_init(isc_mem_t *mctx, isc_cfg_tls_data_storage_t *storage) {
 	REQUIRE(mctx != NULL);
 	REQUIRE(storage != NULL);
 	memset(storage, 0, sizeof(*storage));
 	isc_mem_attach(mctx, &storage->mctx);
 	ISC_LIST_INIT(storage->list);
 }
 void
 cfg_tls_storage_uninit(isc_cfg_tls_data_storage_t *storage) {
 	REQUIRE(storage != NULL);
 	cfg_tls_storage_clear(storage);
 	isc_mem_detach(&storage->mctx);
 }
 void
 cfg_tls_storage_clear(isc_cfg_tls_data_storage_t *storage) {
 	isc_mem_t *mctx = NULL;
 	REQUIRE(storage != NULL);
 	mctx = storage->mctx;
 	if (!ISC_LIST_EMPTY(storage->list)) {
 		isc_cfg_tls_obj_t *tls_obj = ISC_LIST_HEAD(storage->list);
 		while (tls_obj != NULL) {
 			isc_cfg_tls_obj_t *next = ISC_LIST_NEXT(tls_obj, link);
 			ISC_LIST_DEQUEUE(storage->list, tls_obj, link);
 			storage->count--;
 			isc_mem_free(mctx, tls_obj->name);
 			isc_mem_free(mctx, tls_obj->key_file);
 			isc_mem_free(mctx, tls_obj->cert_file);
 			if (tls_obj->dh_param != NULL) {
 				isc_mem_free(mctx, tls_obj->dh_param);
 			}
 			if (tls_obj->protocols != NULL) {
 				isc_mem_free(mctx, tls_obj->protocols);
 			}
 			if (tls_obj->ciphers != NULL) {
 				isc_mem_free(mctx, tls_obj->ciphers);
 			}
 			isc_mem_put(mctx, tls_obj, sizeof(*tls_obj));
 			tls_obj = next;
 		}
 	}
 	INSIST(storage->count == 0);
 }
 static isc_result_t
 push_tls_obj(const cfg_obj_t *map, isc_cfg_tls_data_storage_t *storage) {
 	isc_mem_t *mctx = storage->mctx;
 	isc_cfg_tls_obj_t *new = NULL;
 	const cfg_obj_t *key_file = NULL, *cert_file = NULL, *dh_param = NULL,
 			*protocols = NULL, *ciphers = NULL;
 	if (!cfg_obj_ismap(map) || map->value.map.id == NULL ||
 	    !cfg_obj_isstring(map->value.map.id))
 	{
 		return (ISC_R_FAILURE);
 	}
 	if (cfg_tls_storage_find(cfg_obj_asstring(map->value.map.id),
 				 storage) != NULL) {
 		return (ISC_R_FAILURE);
 	}
 	if (cfg_map_get(map, "key-file", &key_file) != ISC_R_SUCCESS ||
 	    !cfg_obj_isstring(key_file))
 	{
 		return (ISC_R_FAILURE);
 	}
 	INSIST(key_file != NULL);
 	if (cfg_map_get(map, "cert-file", &cert_file) != ISC_R_SUCCESS) {
 		return (ISC_R_FAILURE);
 	}
 	INSIST(cert_file != NULL);
 	(void)cfg_map_get(map, "dh-param", &dh_param);
 	(void)cfg_map_get(map, "protocols", &protocols);
 	(void)cfg_map_get(map, "ciphers", &ciphers);
 	new = isc_mem_get(mctx, sizeof(*new));
 	*new = (isc_cfg_tls_obj_t){
 		.name = isc_mem_strdup(mctx,
 				       cfg_obj_asstring(map->value.map.id)),
 		.key_file = isc_mem_strdup(mctx, cfg_obj_asstring(key_file)),
 		.cert_file = isc_mem_strdup(mctx, cfg_obj_asstring(cert_file)),
 	};
 	if (dh_param != NULL && cfg_obj_isstring(dh_param)) {
 		new->dh_param = isc_mem_strdup(mctx,
 					       cfg_obj_asstring(dh_param));
 	}
 	if (protocols != NULL && cfg_obj_isstring(protocols)) {
 		new->protocols = isc_mem_strdup(mctx,
 						cfg_obj_asstring(protocols));
 	}
 	if (ciphers != NULL && cfg_obj_isstring(ciphers)) {
 		new->ciphers = isc_mem_strdup(mctx, cfg_obj_asstring(ciphers));
 	}
 	ISC_LINK_INIT(new, link);
 	ISC_LIST_PREPEND(storage->list, new, link);
 	storage->count++;
 	return (ISC_R_SUCCESS);
 }
 isc_result_t
 cfg_tls_storage_load(const cfg_obj_t *cfg_ctx,
 		     isc_cfg_tls_data_storage_t *storage) {
 	isc_result_t result = ISC_R_SUCCESS;
 	bool found = false;
 	const cfg_obj_t *tls = NULL;
 	const cfg_listelt_t *elt;
 	const cfg_obj_t *map = NULL;
 	REQUIRE(cfg_ctx != NULL);
 	REQUIRE(storage != NULL);
 	result = cfg_map_get(cfg_ctx, "tls", &tls);
 	if (result != ISC_R_SUCCESS) {
 		/* No tls statements found, but it is fine. */
 		return (ISC_R_SUCCESS);
 	}
 	INSIST(tls != NULL);
 	cfg_tls_storage_clear(storage);
 	for (elt = cfg_list_first(tls); elt != NULL; elt = cfg_list_next(elt)) {
 		map = cfg_listelt_value(elt);
 		INSIST(map != NULL);
 		found = true;
 		result = push_tls_obj(map, storage);
 		if (result != ISC_R_SUCCESS) {
 			return (result);
 		}
 	}
 	if (found == true && storage->count == 0) {
 		return (ISC_R_FAILURE);
 	}
 	return (ISC_R_SUCCESS);
 }
 isc_cfg_tls_obj_t *
 cfg_tls_storage_find(const char *name, isc_cfg_tls_data_storage_t *storage) {
 	isc_cfg_tls_obj_t *tls_obj = NULL;
 	REQUIRE(storage != NULL);
 	if (name == NULL) {
 		return (NULL);
 	}
 	for (tls_obj = ISC_LIST_HEAD(storage->list); tls_obj != NULL;
 	     tls_obj = ISC_LIST_NEXT(tls_obj, link))
 	{
 		if (strcasecmp(name, tls_obj->name) == 0) {
 			break;
 		}
 	}
 	return (tls_obj);
 }
--- a/util/copyrights
+++ b/util/copyrights
@ -2105,22 +2105,18 @@
 ./lib/isccc/win32/libisccc.vcxproj.user		X	2013,2018,2019,2020,2021
 ./lib/isccfg/aclconf.c				C	1999,2000,2001,2002,2004,2005,2006,2007,2008,2009,2010,2011,2012,2013,2014,2015,2016,2017,2018,2019,2020,2021
 ./lib/isccfg/dnsconf.c				C	2009,2016,2018,2019,2020,2021
 ./lib/isccfg/httpconf.c				C	2021
 ./lib/isccfg/include/isccfg/aclconf.h		C	1999,2000,2001,2004,2005,2006,2007,2010,2011,2012,2013,2014,2016,2018,2019,2020,2021
 ./lib/isccfg/include/isccfg/cfg.h		C	2000,2001,2002,2004,2005,2006,2007,2010,2013,2014,2015,2016,2018,2019,2020,2021
 ./lib/isccfg/include/isccfg/grammar.h		C	2002,2003,2004,2005,2006,2007,2008,2009,2010,2011,2013,2014,2015,2016,2017,2018,2019,2020,2021
 ./lib/isccfg/include/isccfg/httpconf.h		C	2021
 ./lib/isccfg/include/isccfg/kaspconf.h		C	2019,2020,2021
 ./lib/isccfg/include/isccfg/log.h		C	2001,2004,2005,2006,2007,2009,2016,2018,2019,2020,2021
 ./lib/isccfg/include/isccfg/namedconf.h		C	2002,2004,2005,2006,2007,2009,2010,2014,2016,2018,2019,2020,2021
 ./lib/isccfg/include/isccfg/tlsconf.h		C	2021
 ./lib/isccfg/kaspconf.c				C	2019,2020,2021
 ./lib/isccfg/log.c				C	2001,2004,2005,2006,2007,2016,2018,2019,2020,2021
 ./lib/isccfg/namedconf.c			C	2002,2003,2004,2005,2006,2007,2008,2009,2010,2011,2012,2013,2014,2015,2016,2017,2018,2019,2020,2021
 ./lib/isccfg/parser.c				C	2000,2001,2002,2003,2004,2005,2006,2007,2008,2009,2010,2011,2012,2013,2014,2015,2016,2017,2018,2019,2020,2021
 ./lib/isccfg/tests/duration_test.c		C	2019,2020,2021
 ./lib/isccfg/tests/parser_test.c		C	2016,2018,2019,2020,2021
 ./lib/isccfg/tlsconf.c				C	2021
 ./lib/isccfg/win32/DLLMain.c			C	2001,2004,2007,2016,2018,2019,2020,2021
 ./lib/isccfg/win32/libisccfg.def		X	2001,2002,2005,2009,2010,2011,2013,2014,2015,2016,2018,2019,2020,2021
 ./lib/isccfg/win32/libisccfg.vcxproj.filters.in	X	2013,2014,2015,2016,2018,2019,2020