From ae6bf1979d03570878d77f7b93a4d57d510c172e Mon Sep 17 00:00:00 2001
From: Matthijs Mekking
Date: Thu, 6 Feb 2020 15:56:58 +0100
Subject: [PATCH] Make key-directory optional

The key-directory keyword actually does nothing right now but may be useful in the future if we want to differentiate between key directories or HSM keys, or if we want to speficy different directories for different keys or policies. Make it optional for the time being.
---
 bin/tests/system/checkconf/good-kasp.conf | 2 +-
 lib/isccfg/namedconf.c | 38 +++++++++++++----------
 2 files changed, 22 insertions(+), 18 deletions(-)

diff --git a/bin/tests/system/checkconf/good-kasp.conf b/bin/tests/system/checkconf/good-kasp.conf
index 19420f2dfd..e6be148466 100644
--- a/bin/tests/system/checkconf/good-kasp.conf
+++ b/bin/tests/system/checkconf/good-kasp.conf
@@ -18,7 +18,7 @@ dnssec-policy "test" {
 dnskey-ttl 3600;
 keys {
 ksk key-directory lifetime P1Y algorithm 13 256;
- zsk key-directory lifetime P30D algorithm 13;
+ zsk lifetime P30D algorithm 13;
 csk key-directory lifetime unlimited algorithm 8 2048;
 };
 max-zone-ttl 86400;
diff --git a/lib/isccfg/namedconf.c b/lib/isccfg/namedconf.c
index 0bfb11a25c..0753819090 100644
--- a/lib/isccfg/namedconf.c
+++ b/lib/isccfg/namedconf.c
@@ -475,6 +475,25 @@ static cfg_type_t cfg_type_dnsseckey = {
 &cfg_rep_tuple, dnsseckey_fields
 };
 
+/*%
+ * Optional enums.
+ *
+ */
+static isc_result_t
+parse_optional_enum(cfg_parser_t *pctx, const cfg_type_t *type,
+ cfg_obj_t **ret)
+{
+ return (cfg_parse_enum_or_other(pctx, type, &cfg_type_void, ret));
+}
+
+static void
+doc_optional_enum(cfg_printer_t *pctx, const cfg_type_t *type) {
+ UNUSED(type);
+ cfg_print_cstr(pctx, "[ ");
+ cfg_doc_enum(pctx, type);
+ cfg_print_cstr(pctx, " ]");
+}
+
 /*%
 * A key initialization specifier, as used in the
 * "trust-anchors" (or synonymous "managed-keys") statement.
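Review bot: In the relocated `doc_optional_enum`, `UNUSED(type);` is followed two lines later by `cfg_doc_enum(pctx, type);`, so the macro contradicts the code and should be dropped while the function is being moved. The new header comment `Optional enums.` ends with an empty ` *` line and does not say what a caller receives when the keyword is absent. Since `parse_optional_enum` passes `&cfg_type_void` as the fallback type, I would write the comment as `/*% Optional enums: parse one of the type's enum keywords if present, otherwise yield a void object. */`. That makes it explicit that every reader of such a field has to handle the void case.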
@@ -514,8 +533,8 @@ static cfg_type_t cfg_type_dnsseckeyrole = {
 */
 static const char *dnsseckeystore_enums[] = { "key-directory", NULL };
 static cfg_type_t cfg_type_dnsseckeystore = {
- "dnssec-key-storage", cfg_parse_enum, cfg_print_ustring, cfg_doc_enum,
- &cfg_rep_string, &dnsseckeystore_enums
+ "dnssec-key-storage", parse_optional_enum, cfg_print_ustring,
+ doc_optional_enum, &cfg_rep_string, dnsseckeystore_enums
 };
 
 /*%
@@ -1015,21 +1034,6 @@ static cfg_type_t cfg_type_fetchquota = {
 
 static const char *response_enums[] = { "drop", "fail", NULL };
 
-static isc_result_t
-parse_optional_enum(cfg_parser_t *pctx, const cfg_type_t *type,
- cfg_obj_t **ret)
-{
- return (cfg_parse_enum_or_other(pctx, type, &cfg_type_void, ret));
-}
-
-static void
-doc_optional_enum(cfg_printer_t *pctx, const cfg_type_t *type) {
- UNUSED(type);
- cfg_print_cstr(pctx, "[ ");
- cfg_doc_enum(pctx, type);
- cfg_print_cstr(pctx, " ]");
-}
-
 static cfg_type_t cfg_type_responsetype = {
 "responsetype", parse_optional_enum, cfg_print_ustring,
 doc_optional_enum, &cfg_rep_string, response_enums
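Review bot: Switching the `cfg_type_dnsseckeystore` initializer to `parse_optional_enum` means the `dnssec-key-storage` field of a `keys` entry can now be a void object instead of a string, and no reader of that field is touched in this patch. The commit message says the keyword is not acted on yet, so this may be harmless today, but any code that later calls `cfg_obj_asstring()` on the field without first checking `cfg_obj_isvoid()` would presumably fail its type assertion on a configuration that simply omits the keyword. I would record the contract next to the type, e.g. `/* Optional: the field is void when "key-directory" is omitted; check cfg_obj_isvoid() before reading it. */`. The comment block that precedes `dnsseckeystore_enums` starts outside the hunk, so the wording should be merged with whatever is already there.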