separated BIND specific configuration code from rest

of TSIG/TKEY code; renamed TSIG/TKEY context create and destroy functions for
consistency with rest of library

bin/named/include/named/tkeyconf.h

@@ -0,0 +1,48 @@
+/*
+ * Copyright (C) 1999, 2000  Internet Software Consortium.
+ * 
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ * 
+ * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
+ * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
+ * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
+ * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
+ * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
+ * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+ * SOFTWARE.
+ */
+
+#ifndef DNS_TKEYCONF_H
+#define DNS_TKEYCONF_H 1
+
+#include <isc/types.h>
+#include <isc/lang.h>
+
+#include <dns/tkey.h>
+#include <dns/confctx.h>
+
+ISC_LANG_BEGINDECLS
+
+isc_result_t
+dns_tkeyctx_fromconfig(dns_c_ctx_t *cfg, isc_mem_t *mctx, dns_tkey_ctx_t **tctxp);
+/*
+ * 	Create a TKEY context and configure it, including the default DH key
+ *	and default domain, according to 'cfg'.
+ *
+ *	Requires:
+ *		'cfg' is a valid configuration context.
+ *		'mctx' is not NULL
+ *		'tctx' is not NULL
+ *		'*tctx' is NULL
+ *
+ *	Returns:
+ *		ISC_R_SUCCESS
+ *		ISC_R_NOMEMORY
+ */
+ 
+ISC_LANG_ENDDECLS
+
+#endif /* DNS_TKEYCONF_H */

bin/named/include/named/tsigconf.h

@@ -0,0 +1,47 @@
+/*
+ * Copyright (C) 1999, 2000  Internet Software Consortium.
+ * 
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ * 
+ * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
+ * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
+ * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
+ * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
+ * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
+ * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+ * SOFTWARE.
+ */
+
+#ifndef DNS_TSIGCONF_H
+#define DNS_TSIGCONF_H 1
+
+#include <isc/types.h>
+#include <isc/lang.h>
+
+#include <dns/tsig.h>
+#include <dns/confctx.h>
+
+ISC_LANG_BEGINDECLS
+
+isc_result_t
+dns_tsigkeyring_fromconfig(dns_c_ctx_t *confctx, isc_mem_t *mctx,
+			   dns_tsig_keyring_t **ring);
+/*
+ * Create a TSIG key ring and configure it according to 'confctx'.
+ *
+ *	Requires:
+ *		'confctx' is a valid configuration context.
+ *		'mctx' is not NULL
+ *		'ring' is not NULL, and '*ring' is NULL
+ *
+ *	Returns:
+ *		ISC_R_SUCCESS
+ *		ISC_R_NOMEMORY
+ */
+ 
+ISC_LANG_ENDDECLS
+
+#endif /* DNS_TSIGCONF_H */

bin/named/server.c

@@ -47,8 +47,8 @@
 #include <dns/rdata.h>
 #include <dns/result.h>
 #include <dns/rootns.h>
-#include <dns/tkey.h>
+#include <dns/tkeyconf.h>
-#include <dns/tsig.h>
+#include <dns/tsigconf.h>
 #include <dns/types.h>
 #include <dns/view.h>
 #include <dns/zone.h>
@@ -156,7 +156,7 @@ configure_view(dns_view_t *view, dns_c_ctx_t *cctx, isc_mem_t *mctx)
 	 * Configure the view's TSIG keys.
 	 */
 	ring = NULL;
-	CHECK(dns_tsig_init(cctx, view->mctx, &ring));
+	CHECK(dns_tsigkeyring_fromconfig(cctx, view->mctx, &ring));
 	dns_view_setkeyring(view, ring);
 
  cleanup:
@@ -564,8 +564,8 @@ load_configuration(const char *filename, ns_server_t *server) {
 	 * Load the TKEY information from the configuration
 	 */
 	if (ns_g_tkeyctx != NULL)
-		dns_tkey_destroy(&ns_g_tkeyctx);
+		dns_tkeyctx_destroy(&ns_g_tkeyctx);
-	CHECKM(dns_tkey_init(configctx, ns_g_mctx, &ns_g_tkeyctx),
+	CHECKM(dns_tkeyctx_fromconfig(configctx, ns_g_mctx, &ns_g_tkeyctx),
 	       "setting up TKEY");
 	/*
 	 * Rescan the interface list to pick up changes in the
@@ -667,7 +667,7 @@ shutdown_server(isc_task_t *task, isc_event_t *event) {
 
 	RWUNLOCK(&server->viewlock, isc_rwlocktype_write);
 
-	dns_tkey_destroy(&ns_g_tkeyctx);
+	dns_tkeyctx_destroy(&ns_g_tkeyctx);
 
 	ns_clientmgr_destroy(&server->clientmgr);
 	ns_interfacemgr_shutdown(server->interfacemgr);

bin/named/tkeyconf.c

@@ -0,0 +1,89 @@
+/*
+ * Copyright (C) 1999, 2000  Internet Software Consortium.
+ * 
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ * 
+ * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
+ * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
+ * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
+ * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
+ * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
+ * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+ * SOFTWARE.
+ */
+
+#include <config.h>
+
+#include <isc/base64.h>
+#include <isc/lex.h>
+
+#include <dns/confctx.h>
+#include <dns/confkeys.h>
+#include <dns/keyvalues.h>
+#include <dns/name.h>
+#include <dns/tkeyconf.h>
+
+#define RETERR(x) do { \
+	result = (x); \
+	if (result != ISC_R_SUCCESS) \
+		goto failure; \
+	} while (0)
+
+
+isc_result_t
+dns_tkeyctx_fromconfig(dns_c_ctx_t *cfg, isc_mem_t *mctx,
+		       dns_tkey_ctx_t **tctxp)
+{
+	isc_result_t result;
+	dns_tkey_ctx_t *tctx = NULL;
+	char *s;
+	int n;
+	isc_buffer_t b, namebuf;
+	unsigned char data[1024];
+	dns_name_t domain;
+
+	result = dns_tkeyctx_create(mctx, &tctx);
+	if (result != ISC_R_SUCCESS)
+		return (result);
+
+	s = NULL;
+	result = dns_c_ctx_gettkeydhkey(cfg, &s, &n);
+	if (result == ISC_R_NOTFOUND)
+		return (ISC_R_SUCCESS);
+	RETERR(dst_key_fromfile(s, n, DNS_KEYALG_DH,
+				DST_TYPE_PUBLIC|DST_TYPE_PRIVATE,
+				mctx, &tctx->dhkey));
+	s = NULL;
+	RETERR(dns_c_ctx_gettkeydomain(cfg, &s));
+	dns_name_init(&domain, NULL);
+	tctx->domain = (dns_name_t *) isc_mem_get(mctx, sizeof(dns_name_t));
+	if (tctx->domain == NULL)
+		return (ISC_R_NOMEMORY);
+	dns_name_init(tctx->domain, NULL);
+	isc_buffer_init(&b, s, strlen(s), ISC_BUFFERTYPE_TEXT);
+	isc_buffer_add(&b, strlen(s));
+	isc_buffer_init(&namebuf, data, sizeof(data), ISC_BUFFERTYPE_BINARY);
+	RETERR(dns_name_fromtext(&domain, &b, dns_rootname, ISC_FALSE,
+				 &namebuf));
+	RETERR(dns_name_dup(&domain, mctx, tctx->domain));
+
+	*tctxp = tctx;
+	return (ISC_R_SUCCESS);
+
+ failure:
+	if (tctx->dhkey != NULL) {
+		dst_key_free(tctx->dhkey);
+		tctx->dhkey = NULL;
+	}
+	if (tctx->domain != NULL) {
+		dns_name_free(tctx->domain, mctx);
+		isc_mem_put(mctx, tctx->domain, sizeof(dns_name_t));
+		tctx->domain = NULL;
+	}
+	dns_tkeyctx_destroy(&tctx);
+	return (result);
+}
+

bin/named/tsigconf.c

@@ -0,0 +1,150 @@
+/*
+ * Copyright (C) 1999, 2000  Internet Software Consortium.
+ * 
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ * 
+ * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
+ * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
+ * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
+ * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
+ * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
+ * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+ * SOFTWARE.
+ */
+
+#include <config.h>
+
+#include <isc/base64.h>
+#include <isc/lex.h>
+
+#include <dns/confctx.h>
+#include <dns/confkeys.h>
+#include <dns/name.h>
+#include <dns/tsigconf.h>
+
+static isc_result_t
+add_initial_keys(dns_c_kdeflist_t *list, dns_tsig_keyring_t *ring,
+		 isc_mem_t *mctx)
+{
+	isc_lex_t *lex = NULL;
+	dns_c_kdef_t *key;
+	unsigned char *secret = NULL;
+	int secretalloc = 0;
+	int secretlen = 0;
+	isc_result_t ret;
+
+	key = ISC_LIST_HEAD(list->keydefs);
+	while (key != NULL) {
+		dns_name_t keyname;
+		dns_name_t alg;
+		char keynamedata[1024], algdata[1024];
+		isc_buffer_t keynamesrc, keynamebuf, algsrc, algbuf;
+		isc_buffer_t secretsrc, secretbuf;
+
+		dns_name_init(&keyname, NULL);
+		dns_name_init(&alg, NULL);
+
+		/* Create the key name */
+		isc_buffer_init(&keynamesrc, key->keyid, strlen(key->keyid),
+				ISC_BUFFERTYPE_TEXT);
+		isc_buffer_add(&keynamesrc, strlen(key->keyid));
+		isc_buffer_init(&keynamebuf, keynamedata, sizeof(keynamedata),
+				ISC_BUFFERTYPE_BINARY);
+		ret = dns_name_fromtext(&keyname, &keynamesrc, dns_rootname,
+					ISC_TRUE, &keynamebuf);
+		if (ret != ISC_R_SUCCESS)
+			goto failure;
+
+		/* Create the algorithm */
+		if (strcasecmp(key->algorithm, "hmac-md5") == 0)
+			alg = *dns_tsig_hmacmd5_name;
+		else {
+			isc_buffer_init(&algsrc, key->algorithm,
+					strlen(key->algorithm),
+					ISC_BUFFERTYPE_TEXT);
+			isc_buffer_add(&algsrc, strlen(key->algorithm));
+			isc_buffer_init(&algbuf, algdata, sizeof(algdata),
+					ISC_BUFFERTYPE_BINARY);
+			ret = dns_name_fromtext(&alg, &algsrc, dns_rootname,
+						ISC_TRUE, &algbuf);
+			if (ret != ISC_R_SUCCESS)
+				goto failure;
+		}
+
+		if (strlen(key->secret) % 4 != 0) {
+			ret = ISC_R_BADBASE64;
+			goto failure;
+		}
+		secretalloc = secretlen = strlen(key->secret) * 3 / 4;
+		secret = isc_mem_get(mctx, secretlen);
+		if (secret == NULL) {
+			ret = ISC_R_NOMEMORY;
+			goto failure;
+		}
+		isc_buffer_init(&secretsrc, key->secret, strlen(key->secret),
+				ISC_BUFFERTYPE_TEXT);
+		isc_buffer_add(&secretsrc, strlen(key->secret));
+		isc_buffer_init(&secretbuf, secret, secretlen,
+				ISC_BUFFERTYPE_BINARY);
+		ret = isc_lex_create(mctx, strlen(key->secret), &lex);
+		if (ret != ISC_R_SUCCESS)
+			goto failure;
+		ret = isc_lex_openbuffer(lex, &secretsrc);
+		if (ret != ISC_R_SUCCESS)
+			goto failure;
+		ret = isc_base64_tobuffer(lex, &secretbuf, -1);
+		if (ret != ISC_R_SUCCESS)
+			goto failure;
+		secretlen = ISC_BUFFER_USEDCOUNT(&secretbuf);
+		isc_lex_close(lex);
+		isc_lex_destroy(&lex);
+
+		ret = dns_tsigkey_create(&keyname, &alg, secret, secretlen,
+					 ISC_FALSE, NULL, mctx, ring, NULL);
+		isc_mem_put(mctx, secret, secretalloc);
+		secret = NULL;
+		if (ret != ISC_R_SUCCESS)
+			goto failure;
+		key = ISC_LIST_NEXT(key, next);
+	}
+	return (ISC_R_SUCCESS);
+
+ failure:
+	if (lex != NULL)
+		isc_lex_destroy(&lex);
+	if (secret != NULL)
+		isc_mem_put(mctx, secret, secretlen);
+	return (ret);
+
+}
+
+isc_result_t
+dns_tsigkeyring_fromconfig(dns_c_ctx_t *confctx, isc_mem_t *mctx,
+			   dns_tsig_keyring_t **ringp)
+{
+	dns_c_kdeflist_t *keylist = NULL;
+	dns_tsig_keyring_t *ring = NULL;
+	isc_result_t result;
+
+	result = dns_tsigkeyring_create(mctx, &ring);
+	if (result != ISC_R_SUCCESS)
+		return (result);
+	
+	result = dns_c_ctx_getkdeflist(confctx, &keylist);
+	if (result == ISC_R_SUCCESS)
+		result = add_initial_keys(keylist, ring, mctx);
+	else if (result == ISC_R_NOTFOUND)
+		result = ISC_R_SUCCESS;
+	if (result != ISC_R_SUCCESS)
+		goto failure;
+
+	*ringp = ring;
+	return (ISC_R_SUCCESS);
+
+ failure:
+	dns_tsigkeyring_destroy(&ring);
+	return (result);
+}

bin/tests/tkey_test.c

@@ -320,8 +320,8 @@ main(int argc, char *argv[]) {
 
 	RUNTIME_CHECK(isc_log_create(mctx, &log) == ISC_R_SUCCESS);
 	ring = NULL;
-	RUNTIME_CHECK(dns_tsig_init(NULL, mctx, &ring) == ISC_R_SUCCESS);
+	RUNTIME_CHECK(dns_tsigkeyring_create(mctx, &ring) == ISC_R_SUCCESS);
-	RUNTIME_CHECK(dns_tkey_init(NULL, mctx, &tctx) == ISC_R_SUCCESS);
+	RUNTIME_CHECK(dns_tkeyctx_create(mctx, &tctx) == ISC_R_SUCCESS);
 
 	argc -= isc_commandline_index;
 	argv += isc_commandline_index;
@@ -362,8 +362,8 @@ main(int argc, char *argv[]) {
 	isc_socketmgr_destroy(&socketmgr);
 	isc_timermgr_destroy(&timermgr);
 
-	dns_tsig_destroy(&ring);
+	dns_tsigkeyring_destroy(&ring);
-	dns_tkey_destroy(&tctx);
+	dns_tkeyctx_destroy(&tctx);
 	if (verbose)
 		isc_mem_stats(mctx, stdout);
 	isc_mem_destroy(&mctx);

lib/dns/Makefile.in

@@ -123,7 +123,8 @@ OBJS =		a6.@O@ acl.@O@ aclconf.@O@ adb.@O@ byaddr.@O@ \
 		rbt.@O@ rbtdb.@O@ rbtdb64.@O@ rdata.@O@ rdatalist.@O@ \
 		rdataset.@O@ rdatasetiter.@O@ rdataslab.@O@ resolver.@O@ \
 		result.@O@ rootns.@O@ \
-		tcpmsg.@O@ time.@O@ tkey.@O@ tsig.@O@ ttl.@O@ \
+		tcpmsg.@O@ time.@O@ tkey.@O@ tkeyconf.@O@ \
+		tsig.@O@ tsigconf.@O@ ttl.@O@ \
 		version.@O@ view.@O@ xfrin.@O@ zone.@O@ zoneconf.@O@ zt.@O@ \
 		${DSTOBJS} ${OPENSSLOBJS} ${DNSSAFEOBJS} ${CONFOBJS}
 
@@ -137,7 +138,8 @@ SRCS =		a6.c acl.c aclconf.c adb.c byaddr.c \
 		rbt.c rbtdb.c rbtdb64.c rdata.c rdatalist.c \
 		rdataset.c rdatasetiter.c rdataslab.c resolver.c \
 		result.c rootns.c \
-		tcpmsg.c time.c tkey.c tsig.c ttl.c \
+		tcpmsg.c time.c tkey.c tkeyconf.c \
+		tsig.c tsigconf.c ttl.c \
 		version.c view.c xfrin.c zone.c zoneconf.c zt.c
 
 SUBDIRS =	include sec config

lib/dns/include/dns/tkey.h

@@ -18,12 +18,11 @@
 #ifndef DNS_TKEY_H
 #define DNS_TKEY_H 1
 
-#include <isc/mem.h>
+#include <isc/types.h>
 #include <isc/lang.h>
 
 #include <dns/types.h>
 #include <dns/name.h>
-#include <dns/confctx.h>
 
 #include <dst/dst.h>
 
@@ -43,10 +42,9 @@ struct dns_tkey_ctx {
 };
 
 isc_result_t
-dns_tkey_init(dns_c_ctx_t *cfg, isc_mem_t *mctx, dns_tkey_ctx_t **tctx);
+dns_tkeyctx_create(isc_mem_t *mctx, dns_tkey_ctx_t **tctx);
 /*
- *	Obtains TKEY configuration information, including default DH key
+ *	Create an empty TKEY context.
- *	and default domain from the configuration, if it's not NULL.
  *
  * 	Requires:
  *		'mctx' is not NULL
@@ -60,7 +58,7 @@ dns_tkey_init(dns_c_ctx_t *cfg, isc_mem_t *mctx, dns_tkey_ctx_t **tctx);
  */
 
 void
-dns_tkey_destroy(dns_tkey_ctx_t **tctx);
+dns_tkeyctx_destroy(dns_tkey_ctx_t **tctx);
 /*
  *      Frees all data associated with the TKEY context
  *

lib/dns/include/dns/tkeyconf.h

@@ -0,0 +1,48 @@
+/*
+ * Copyright (C) 1999, 2000  Internet Software Consortium.
+ * 
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ * 
+ * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
+ * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
+ * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
+ * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
+ * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
+ * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+ * SOFTWARE.
+ */
+
+#ifndef DNS_TKEYCONF_H
+#define DNS_TKEYCONF_H 1
+
+#include <isc/types.h>
+#include <isc/lang.h>
+
+#include <dns/tkey.h>
+#include <dns/confctx.h>
+
+ISC_LANG_BEGINDECLS
+
+isc_result_t
+dns_tkeyctx_fromconfig(dns_c_ctx_t *cfg, isc_mem_t *mctx, dns_tkey_ctx_t **tctxp);
+/*
+ * 	Create a TKEY context and configure it, including the default DH key
+ *	and default domain, according to 'cfg'.
+ *
+ *	Requires:
+ *		'cfg' is a valid configuration context.
+ *		'mctx' is not NULL
+ *		'tctx' is not NULL
+ *		'*tctx' is NULL
+ *
+ *	Returns:
+ *		ISC_R_SUCCESS
+ *		ISC_R_NOMEMORY
+ */
+ 
+ISC_LANG_ENDDECLS
+
+#endif /* DNS_TKEYCONF_H */

lib/dns/include/dns/tsig.h

@@ -24,7 +24,6 @@
 
 #include <dns/types.h>
 #include <dns/name.h>
-#include <dns/confctx.h>
 
 #include <dst/dst.h>
 
@@ -174,10 +173,9 @@ dns_tsigkey_find(dns_tsigkey_t **tsigkey, dns_name_t *name,
 
 
 isc_result_t
-dns_tsig_init(dns_c_ctx_t *confctx, isc_mem_t *mctx, dns_tsig_keyring_t **ring);
+dns_tsigkeyring_create(isc_mem_t *mctx, dns_tsig_keyring_t **ring);
 /*
- *	Initializes the TSIG subsystem.  If confctx is not NULL, any
+ *	Create an empty TSIG key ring.
- *	specified keys are loaded.
  *
  *	Requires:
  *		'mctx' is not NULL
@@ -190,9 +188,9 @@ dns_tsig_init(dns_c_ctx_t *confctx, isc_mem_t *mctx, dns_tsig_keyring_t **ring);
 
 
 void
-dns_tsig_destroy(dns_tsig_keyring_t **ring);
+dns_tsigkeyring_destroy(dns_tsig_keyring_t **ring);
 /*
- *	Frees all data associated with the TSIG subsystem
+ *	Destroy a TSIG key ring.
  *
  *	Requires:
  *		'ring' is not NULL

lib/dns/include/dns/tsigconf.h

@@ -0,0 +1,47 @@
+/*
+ * Copyright (C) 1999, 2000  Internet Software Consortium.
+ * 
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ * 
+ * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
+ * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
+ * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
+ * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
+ * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
+ * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+ * SOFTWARE.
+ */
+
+#ifndef DNS_TSIGCONF_H
+#define DNS_TSIGCONF_H 1
+
+#include <isc/types.h>
+#include <isc/lang.h>
+
+#include <dns/tsig.h>
+#include <dns/confctx.h>
+
+ISC_LANG_BEGINDECLS
+
+isc_result_t
+dns_tsigkeyring_fromconfig(dns_c_ctx_t *confctx, isc_mem_t *mctx,
+			   dns_tsig_keyring_t **ring);
+/*
+ * Create a TSIG key ring and configure it according to 'confctx'.
+ *
+ *	Requires:
+ *		'confctx' is a valid configuration context.
+ *		'mctx' is not NULL
+ *		'ring' is not NULL, and '*ring' is NULL
+ *
+ *	Returns:
+ *		ISC_R_SUCCESS
+ *		ISC_R_NOMEMORY
+ */
+ 
+ISC_LANG_ENDDECLS
+
+#endif /* DNS_TSIGCONF_H */

lib/dns/tkey.c

@@ -16,7 +16,7 @@
  */
 
 /*
- * $Id: tkey.c,v 1.18 2000/01/22 04:45:13 bwelling Exp $
+ * $Id: tkey.c,v 1.19 2000/01/24 19:14:21 gson Exp $
  * Principal Author: Brian Wellington
  */
 
@@ -65,14 +65,7 @@
 
 
 isc_result_t
-dns_tkey_init(dns_c_ctx_t *cfg, isc_mem_t *mctx, dns_tkey_ctx_t **tctx) {
+dns_tkeyctx_create(isc_mem_t *mctx, dns_tkey_ctx_t **tctx) {
-	isc_result_t result;
-	char *s;
-	int n;
-	isc_buffer_t b, namebuf;
-	unsigned char data[1024];
-	dns_name_t domain;
-
 	REQUIRE(mctx != NULL);
 	REQUIRE(tctx != NULL);
 	REQUIRE(*tctx == NULL);
@@ -84,47 +77,11 @@ dns_tkey_init(dns_c_ctx_t *cfg, isc_mem_t *mctx, dns_tkey_ctx_t **tctx) {
 	(*tctx)->dhkey = NULL;
 	(*tctx)->domain = NULL;
 
-	if (cfg == NULL)
-		return (ISC_R_SUCCESS);
-
-	s = NULL;
-	result = dns_c_ctx_gettkeydhkey(cfg, &s, &n);
-	if (result == ISC_R_NOTFOUND)
-		return (ISC_R_SUCCESS);
-	RETERR(dst_key_fromfile(s, n, DNS_KEYALG_DH,
-				DST_TYPE_PUBLIC|DST_TYPE_PRIVATE,
-				mctx, &(*tctx)->dhkey));
-	s = NULL;
-	RETERR(dns_c_ctx_gettkeydomain(cfg, &s));
-	dns_name_init(&domain, NULL);
-	(*tctx)->domain = (dns_name_t *) isc_mem_get(mctx, sizeof(dns_name_t));
-	if ((*tctx)->domain == NULL)
-		return (ISC_R_NOMEMORY);
-	dns_name_init((*tctx)->domain, NULL);
-	isc_buffer_init(&b, s, strlen(s), ISC_BUFFERTYPE_TEXT);
-	isc_buffer_add(&b, strlen(s));
-	isc_buffer_init(&namebuf, data, sizeof(data), ISC_BUFFERTYPE_BINARY);
-	RETERR(dns_name_fromtext(&domain, &b, dns_rootname, ISC_FALSE,
-				 &namebuf));
-	RETERR(dns_name_dup(&domain, mctx, (*tctx)->domain));
-
 	return (ISC_R_SUCCESS);
-
- failure:
-	if ((*tctx)->dhkey != NULL) {
-		dst_key_free((*tctx)->dhkey);
-		(*tctx)->dhkey = NULL;
-	}
-	if ((*tctx)->domain != NULL) {
-		dns_name_free((*tctx)->domain, mctx);
-		isc_mem_put(mctx, (*tctx)->domain, sizeof(dns_name_t));
-		(*tctx)->domain = NULL;
-	}
-	return (result);
 }
 
 void
-dns_tkey_destroy(dns_tkey_ctx_t **tctx) {
+dns_tkeyctx_destroy(dns_tkey_ctx_t **tctx) {
 	isc_mem_t *mctx;
 
 	REQUIRE(tctx != NULL);

lib/dns/tkeyconf.c

@@ -0,0 +1,89 @@
+/*
+ * Copyright (C) 1999, 2000  Internet Software Consortium.
+ * 
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ * 
+ * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
+ * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
+ * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
+ * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
+ * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
+ * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+ * SOFTWARE.
+ */
+
+#include <config.h>
+
+#include <isc/base64.h>
+#include <isc/lex.h>
+
+#include <dns/confctx.h>
+#include <dns/confkeys.h>
+#include <dns/keyvalues.h>
+#include <dns/name.h>
+#include <dns/tkeyconf.h>
+
+#define RETERR(x) do { \
+	result = (x); \
+	if (result != ISC_R_SUCCESS) \
+		goto failure; \
+	} while (0)
+
+
+isc_result_t
+dns_tkeyctx_fromconfig(dns_c_ctx_t *cfg, isc_mem_t *mctx,
+		       dns_tkey_ctx_t **tctxp)
+{
+	isc_result_t result;
+	dns_tkey_ctx_t *tctx = NULL;
+	char *s;
+	int n;
+	isc_buffer_t b, namebuf;
+	unsigned char data[1024];
+	dns_name_t domain;
+
+	result = dns_tkeyctx_create(mctx, &tctx);
+	if (result != ISC_R_SUCCESS)
+		return (result);
+
+	s = NULL;
+	result = dns_c_ctx_gettkeydhkey(cfg, &s, &n);
+	if (result == ISC_R_NOTFOUND)
+		return (ISC_R_SUCCESS);
+	RETERR(dst_key_fromfile(s, n, DNS_KEYALG_DH,
+				DST_TYPE_PUBLIC|DST_TYPE_PRIVATE,
+				mctx, &tctx->dhkey));
+	s = NULL;
+	RETERR(dns_c_ctx_gettkeydomain(cfg, &s));
+	dns_name_init(&domain, NULL);
+	tctx->domain = (dns_name_t *) isc_mem_get(mctx, sizeof(dns_name_t));
+	if (tctx->domain == NULL)
+		return (ISC_R_NOMEMORY);
+	dns_name_init(tctx->domain, NULL);
+	isc_buffer_init(&b, s, strlen(s), ISC_BUFFERTYPE_TEXT);
+	isc_buffer_add(&b, strlen(s));
+	isc_buffer_init(&namebuf, data, sizeof(data), ISC_BUFFERTYPE_BINARY);
+	RETERR(dns_name_fromtext(&domain, &b, dns_rootname, ISC_FALSE,
+				 &namebuf));
+	RETERR(dns_name_dup(&domain, mctx, tctx->domain));
+
+	*tctxp = tctx;
+	return (ISC_R_SUCCESS);
+
+ failure:
+	if (tctx->dhkey != NULL) {
+		dst_key_free(tctx->dhkey);
+		tctx->dhkey = NULL;
+	}
+	if (tctx->domain != NULL) {
+		dns_name_free(tctx->domain, mctx);
+		isc_mem_put(mctx, tctx->domain, sizeof(dns_name_t));
+		tctx->domain = NULL;
+	}
+	dns_tkeyctx_destroy(&tctx);
+	return (result);
+}
+

lib/dns/tsig.c

@@ -16,7 +16,7 @@
  */
 
 /*
- * $Id: tsig.c,v 1.40 2000/01/22 04:45:14 bwelling Exp $
+ * $Id: tsig.c,v 1.41 2000/01/24 19:14:22 gson Exp $
  * Principal Author: Brian Wellington
  */
 
@@ -27,7 +27,6 @@
 #include <string.h>
 
 #include <isc/assertions.h>
-#include <isc/base64.h>
 #include <isc/buffer.h>
 #include <isc/error.h>
 #include <isc/list.h>
@@ -46,8 +45,6 @@
 #include <dns/rdataset.h>
 #include <dns/rdatastruct.h>
 #include <dns/tsig.h>
-#include <dns/confctx.h>
-#include <dns/confkeys.h>
 
 #include <dst/dst.h>
 #include <dst/result.h>
@@ -985,102 +982,6 @@ dns_tsigkey_find(dns_tsigkey_t **tsigkey, dns_name_t *name,
 	return (ISC_R_NOTFOUND);
 }
 
-static isc_result_t
-add_initial_keys(dns_c_kdeflist_t *list, dns_tsig_keyring_t *ring,
-		 isc_mem_t *mctx)
-{
-	isc_lex_t *lex = NULL;
-	dns_c_kdef_t *key;
-	unsigned char *secret = NULL;
-	int secretalloc = 0;
-	int secretlen = 0;
-	isc_result_t ret;
-
-	key = ISC_LIST_HEAD(list->keydefs);
-	while (key != NULL) {
-		dns_name_t keyname;
-		dns_name_t alg;
-		char keynamedata[1024], algdata[1024];
-		isc_buffer_t keynamesrc, keynamebuf, algsrc, algbuf;
-		isc_buffer_t secretsrc, secretbuf;
-
-		dns_name_init(&keyname, NULL);
-		dns_name_init(&alg, NULL);
-
-		/* Create the key name */
-		isc_buffer_init(&keynamesrc, key->keyid, strlen(key->keyid),
-				ISC_BUFFERTYPE_TEXT);
-		isc_buffer_add(&keynamesrc, strlen(key->keyid));
-		isc_buffer_init(&keynamebuf, keynamedata, sizeof(keynamedata),
-				ISC_BUFFERTYPE_BINARY);
-		ret = dns_name_fromtext(&keyname, &keynamesrc, dns_rootname,
-					ISC_TRUE, &keynamebuf);
-		if (ret != ISC_R_SUCCESS)
-			goto failure;
-
-		/* Create the algorithm */
-		if (strcasecmp(key->algorithm, "hmac-md5") == 0)
-			alg = *dns_tsig_hmacmd5_name;
-		else {
-			isc_buffer_init(&algsrc, key->algorithm,
-					strlen(key->algorithm),
-					ISC_BUFFERTYPE_TEXT);
-			isc_buffer_add(&algsrc, strlen(key->algorithm));
-			isc_buffer_init(&algbuf, algdata, sizeof(algdata),
-					ISC_BUFFERTYPE_BINARY);
-			ret = dns_name_fromtext(&alg, &algsrc, dns_rootname,
-						ISC_TRUE, &algbuf);
-			if (ret != ISC_R_SUCCESS)
-				goto failure;
-		}
-
-		if (strlen(key->secret) % 4 != 0) {
-			ret = ISC_R_BADBASE64;
-			goto failure;
-		}
-		secretalloc = secretlen = strlen(key->secret) * 3 / 4;
-		secret = isc_mem_get(mctx, secretlen);
-		if (secret == NULL) {
-			ret = ISC_R_NOMEMORY;
-			goto failure;
-		}
-		isc_buffer_init(&secretsrc, key->secret, strlen(key->secret),
-				ISC_BUFFERTYPE_TEXT);
-		isc_buffer_add(&secretsrc, strlen(key->secret));
-		isc_buffer_init(&secretbuf, secret, secretlen,
-				ISC_BUFFERTYPE_BINARY);
-		ret = isc_lex_create(mctx, strlen(key->secret), &lex);
-		if (ret != ISC_R_SUCCESS)
-			goto failure;
-		ret = isc_lex_openbuffer(lex, &secretsrc);
-		if (ret != ISC_R_SUCCESS)
-			goto failure;
-		ret = isc_base64_tobuffer(lex, &secretbuf, -1);
-		if (ret != ISC_R_SUCCESS)
-			goto failure;
-		secretlen = ISC_BUFFER_USEDCOUNT(&secretbuf);
-		isc_lex_close(lex);
-		isc_lex_destroy(&lex);
-
-		ret = dns_tsigkey_create(&keyname, &alg, secret, secretlen,
-					 ISC_FALSE, NULL, mctx, ring, NULL);
-		isc_mem_put(mctx, secret, secretalloc);
-		secret = NULL;
-		if (ret != ISC_R_SUCCESS)
-			goto failure;
-		key = ISC_LIST_NEXT(key, next);
-	}
-	return (ISC_R_SUCCESS);
-
- failure:
-	if (lex != NULL)
-		isc_lex_destroy(&lex);
-	if (secret != NULL)
-		isc_mem_put(mctx, secret, secretlen);
-	return (ret);
-
-}
-
 static void
 dns_tsig_inithmac() {
 	isc_region_t r;
@@ -1093,10 +994,9 @@ dns_tsig_inithmac() {
 }
 
 isc_result_t
-dns_tsig_init(dns_c_ctx_t *confctx, isc_mem_t *mctx, dns_tsig_keyring_t **ring)
+dns_tsigkeyring_create(isc_mem_t *mctx, dns_tsig_keyring_t **ring)
 {
 	isc_result_t ret;
-	dns_c_kdeflist_t *keylist = NULL;
 	
 	REQUIRE(mctx != NULL);
 	REQUIRE(ring != NULL);
@@ -1117,21 +1017,13 @@ dns_tsig_init(dns_c_ctx_t *confctx, isc_mem_t *mctx, dns_tsig_keyring_t **ring)
 	
 	ISC_LIST_INIT((*ring)->keys);
 
-	if (confctx != NULL) {
-		ret = dns_c_ctx_getkdeflist(confctx, &keylist);
-		if (ret == ISC_R_SUCCESS)
-			ret = add_initial_keys(keylist, *ring, mctx);
-		else if (ret != ISC_R_NOTFOUND)
-			return (ret);
-	}
-
 	(*ring)->mctx = mctx;
 
 	return (ISC_R_SUCCESS);
 }
 
 void
-dns_tsig_destroy(dns_tsig_keyring_t **ring) {
+dns_tsigkeyring_destroy(dns_tsig_keyring_t **ring) {
 	isc_mem_t *mctx;
 
 	REQUIRE(ring != NULL);

lib/dns/tsigconf.c

@@ -0,0 +1,150 @@
+/*
+ * Copyright (C) 1999, 2000  Internet Software Consortium.
+ * 
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ * 
+ * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
+ * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
+ * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
+ * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
+ * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
+ * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+ * SOFTWARE.
+ */
+
+#include <config.h>
+
+#include <isc/base64.h>
+#include <isc/lex.h>
+
+#include <dns/confctx.h>
+#include <dns/confkeys.h>
+#include <dns/name.h>
+#include <dns/tsigconf.h>
+
+static isc_result_t
+add_initial_keys(dns_c_kdeflist_t *list, dns_tsig_keyring_t *ring,
+		 isc_mem_t *mctx)
+{
+	isc_lex_t *lex = NULL;
+	dns_c_kdef_t *key;
+	unsigned char *secret = NULL;
+	int secretalloc = 0;
+	int secretlen = 0;
+	isc_result_t ret;
+
+	key = ISC_LIST_HEAD(list->keydefs);
+	while (key != NULL) {
+		dns_name_t keyname;
+		dns_name_t alg;
+		char keynamedata[1024], algdata[1024];
+		isc_buffer_t keynamesrc, keynamebuf, algsrc, algbuf;
+		isc_buffer_t secretsrc, secretbuf;
+
+		dns_name_init(&keyname, NULL);
+		dns_name_init(&alg, NULL);
+
+		/* Create the key name */
+		isc_buffer_init(&keynamesrc, key->keyid, strlen(key->keyid),
+				ISC_BUFFERTYPE_TEXT);
+		isc_buffer_add(&keynamesrc, strlen(key->keyid));
+		isc_buffer_init(&keynamebuf, keynamedata, sizeof(keynamedata),
+				ISC_BUFFERTYPE_BINARY);
+		ret = dns_name_fromtext(&keyname, &keynamesrc, dns_rootname,
+					ISC_TRUE, &keynamebuf);
+		if (ret != ISC_R_SUCCESS)
+			goto failure;
+
+		/* Create the algorithm */
+		if (strcasecmp(key->algorithm, "hmac-md5") == 0)
+			alg = *dns_tsig_hmacmd5_name;
+		else {
+			isc_buffer_init(&algsrc, key->algorithm,
+					strlen(key->algorithm),
+					ISC_BUFFERTYPE_TEXT);
+			isc_buffer_add(&algsrc, strlen(key->algorithm));
+			isc_buffer_init(&algbuf, algdata, sizeof(algdata),
+					ISC_BUFFERTYPE_BINARY);
+			ret = dns_name_fromtext(&alg, &algsrc, dns_rootname,
+						ISC_TRUE, &algbuf);
+			if (ret != ISC_R_SUCCESS)
+				goto failure;
+		}
+
+		if (strlen(key->secret) % 4 != 0) {
+			ret = ISC_R_BADBASE64;
+			goto failure;
+		}
+		secretalloc = secretlen = strlen(key->secret) * 3 / 4;
+		secret = isc_mem_get(mctx, secretlen);
+		if (secret == NULL) {
+			ret = ISC_R_NOMEMORY;
+			goto failure;
+		}
+		isc_buffer_init(&secretsrc, key->secret, strlen(key->secret),
+				ISC_BUFFERTYPE_TEXT);
+		isc_buffer_add(&secretsrc, strlen(key->secret));
+		isc_buffer_init(&secretbuf, secret, secretlen,
+				ISC_BUFFERTYPE_BINARY);
+		ret = isc_lex_create(mctx, strlen(key->secret), &lex);
+		if (ret != ISC_R_SUCCESS)
+			goto failure;
+		ret = isc_lex_openbuffer(lex, &secretsrc);
+		if (ret != ISC_R_SUCCESS)
+			goto failure;
+		ret = isc_base64_tobuffer(lex, &secretbuf, -1);
+		if (ret != ISC_R_SUCCESS)
+			goto failure;
+		secretlen = ISC_BUFFER_USEDCOUNT(&secretbuf);
+		isc_lex_close(lex);
+		isc_lex_destroy(&lex);
+
+		ret = dns_tsigkey_create(&keyname, &alg, secret, secretlen,
+					 ISC_FALSE, NULL, mctx, ring, NULL);
+		isc_mem_put(mctx, secret, secretalloc);
+		secret = NULL;
+		if (ret != ISC_R_SUCCESS)
+			goto failure;
+		key = ISC_LIST_NEXT(key, next);
+	}
+	return (ISC_R_SUCCESS);
+
+ failure:
+	if (lex != NULL)
+		isc_lex_destroy(&lex);
+	if (secret != NULL)
+		isc_mem_put(mctx, secret, secretlen);
+	return (ret);
+
+}
+
+isc_result_t
+dns_tsigkeyring_fromconfig(dns_c_ctx_t *confctx, isc_mem_t *mctx,
+			   dns_tsig_keyring_t **ringp)
+{
+	dns_c_kdeflist_t *keylist = NULL;
+	dns_tsig_keyring_t *ring = NULL;
+	isc_result_t result;
+
+	result = dns_tsigkeyring_create(mctx, &ring);
+	if (result != ISC_R_SUCCESS)
+		return (result);
+	
+	result = dns_c_ctx_getkdeflist(confctx, &keylist);
+	if (result == ISC_R_SUCCESS)
+		result = add_initial_keys(keylist, ring, mctx);
+	else if (result == ISC_R_NOTFOUND)
+		result = ISC_R_SUCCESS;
+	if (result != ISC_R_SUCCESS)
+		goto failure;
+
+	*ringp = ring;
+	return (ISC_R_SUCCESS);
+
+ failure:
+	dns_tsigkeyring_destroy(&ring);
+	return (result);
+}

lib/dns/view.c

@@ -109,7 +109,7 @@ dns_view_create(isc_mem_t *mctx, dns_rdataclass_t rdclass,
 	view->attributes = (DNS_VIEWATTR_RESSHUTDOWN|DNS_VIEWATTR_ADBSHUTDOWN);
 	view->statickeys = NULL;
 	view->dynamickeys = NULL;
-	result = dns_tsig_init(NULL, view->mctx, &view->dynamickeys);
+	result = dns_tsigkeyring_create(view->mctx, &view->dynamickeys);
 	if (result != DNS_R_SUCCESS)
 		goto cleanup_zt;
 	ISC_LINK_INIT(view, link);
@@ -169,9 +169,9 @@ destroy(dns_view_t *view) {
 	REQUIRE(ADBSHUTDOWN(view));
 
 	if (view->dynamickeys != NULL)	
-		dns_tsig_destroy(&view->dynamickeys);
+		dns_tsigkeyring_destroy(&view->dynamickeys);
 	if (view->statickeys != NULL)	
-		dns_tsig_destroy(&view->statickeys);
+		dns_tsigkeyring_destroy(&view->statickeys);
 	if (view->adb != NULL)
 		dns_adb_detach(&view->adb);
 	if (view->resolver != NULL)
@@ -366,7 +366,7 @@ dns_view_setkeyring(dns_view_t *view, dns_tsig_keyring_t *ring) {
 	REQUIRE(DNS_VIEW_VALID(view));
 	REQUIRE(ring != NULL);
 	if (view->statickeys != NULL)
-		dns_tsig_destroy(&view->statickeys);
+		dns_tsigkeyring_destroy(&view->statickeys);
 	view->statickeys = ring;
 }
 

util/copyrights

@@ -390,7 +390,9 @@
 ./lib/dns/include/dns/tcpmsg.h			C	1999,2000
 ./lib/dns/include/dns/time.h			C	1999,2000
 ./lib/dns/include/dns/tkey.h			C	1999,2000
+./lib/dns/include/dns/tkeyconf.h		C	1999,2000
 ./lib/dns/include/dns/tsig.h			C	1999,2000
+./lib/dns/include/dns/tsigconf.h		C	1999,2000
 ./lib/dns/include/dns/ttl.h			C	1999,2000
 ./lib/dns/include/dns/types.h			C	1998,1999,2000
 ./lib/dns/include/dns/view.h			C	1999,2000
@@ -522,7 +524,9 @@
 ./lib/dns/tcpmsg.c				C	1999,2000
 ./lib/dns/time.c				C	1998,1999,2000
 ./lib/dns/tkey.c				C	1999,2000
+./lib/dns/tkeyconf.c				C	1999,2000
 ./lib/dns/tsig.c				C	1999,2000
+./lib/dns/tsigconf.c				C	1999,2000
 ./lib/dns/ttl.c					C	1999,2000
 ./lib/dns/version.c				C	1998,1999,2000
 ./lib/dns/view.c				C	1999,2000