mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-30 14:07:59 +00:00
Code Issues Releases Wiki Activity

Make key-directory optional

Browse Source 
The key-directory keyword actually does nothing right now but may
be useful in the future if we want to differentiate between key
directories or HSM keys, or if we want to speficy different
directories for different keys or policies.  Make it optional for
the time being.
This commit is contained in:
Matthijs Mekking
2020-02-06 15:56:58 +01:00
committed by Evan Hunt
parent 2733edb2a6
commit ae6bf1979d
2 changed files with 22 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
bin/tests/system/checkconf/good-kasp.conf
View File

@@ -18,7 +18,7 @@ dnssec-policy "test" {
dnskey-ttl 3600; dnskey-ttl 3600;
keys { keys {
ksk key-directory lifetime P1Y algorithm 13 256; ksk key-directory lifetime P1Y algorithm 13 256;
zsk key-directory lifetime P30D algorithm 13; zsk lifetime P30D algorithm 13;
csk key-directory lifetime unlimited algorithm 8 2048; csk key-directory lifetime unlimited algorithm 8 2048;
}; };
max-zone-ttl 86400; max-zone-ttl 86400;

38
lib/isccfg/namedconf.c
View File

@@ -475,6 +475,25 @@ static cfg_type_t cfg_type_dnsseckey = {
&cfg_rep_tuple, dnsseckey_fields &cfg_rep_tuple, dnsseckey_fields
}; };
/*%
* Optional enums.
*
*/
static isc_result_t
parse_optional_enum(cfg_parser_t *pctx, const cfg_type_t *type,
cfg_obj_t **ret)
{
return (cfg_parse_enum_or_other(pctx, type, &cfg_type_void, ret));
}
static void
doc_optional_enum(cfg_printer_t *pctx, const cfg_type_t *type) {
UNUSED(type);
cfg_print_cstr(pctx, "[ ");
cfg_doc_enum(pctx, type);
cfg_print_cstr(pctx, " ]");
}
/*% /*%
* A key initialization specifier, as used in the * A key initialization specifier, as used in the
* "trust-anchors" (or synonymous "managed-keys") statement. * "trust-anchors" (or synonymous "managed-keys") statement.
@@ -514,8 +533,8 @@ static cfg_type_t cfg_type_dnsseckeyrole = {
*/ */
static const char *dnsseckeystore_enums[] = { "key-directory", NULL }; static const char *dnsseckeystore_enums[] = { "key-directory", NULL };
static cfg_type_t cfg_type_dnsseckeystore = { static cfg_type_t cfg_type_dnsseckeystore = {
"dnssec-key-storage", cfg_parse_enum, cfg_print_ustring, cfg_doc_enum, "dnssec-key-storage", parse_optional_enum, cfg_print_ustring,
&cfg_rep_string, &dnsseckeystore_enums doc_optional_enum, &cfg_rep_string, dnsseckeystore_enums
}; };
/*% /*%
@@ -1015,21 +1034,6 @@ static cfg_type_t cfg_type_fetchquota = {
static const char *response_enums[] = { "drop", "fail", NULL }; static const char *response_enums[] = { "drop", "fail", NULL };
static isc_result_t
parse_optional_enum(cfg_parser_t *pctx, const cfg_type_t *type,
cfg_obj_t **ret)
{
return (cfg_parse_enum_or_other(pctx, type, &cfg_type_void, ret));
}
static void
doc_optional_enum(cfg_printer_t *pctx, const cfg_type_t *type) {
UNUSED(type);
cfg_print_cstr(pctx, "[ ");
cfg_doc_enum(pctx, type);
cfg_print_cstr(pctx, " ]");
}
static cfg_type_t cfg_type_responsetype = { static cfg_type_t cfg_type_responsetype = {
"responsetype", parse_optional_enum, cfg_print_ustring, "responsetype", parse_optional_enum, cfg_print_ustring,
doc_optional_enum, &cfg_rep_string, response_enums doc_optional_enum, &cfg_rep_string, response_enums