move handle to keystores from the view to zonemgr
authorColin Vidal <colin@isc.org>
Wed, 27 Aug 2025 12:52:07 +0000 (14:52 +0200)
committerColin Vidal <colin@isc.org>
Thu, 28 Aug 2025 14:52:28 +0000 (16:52 +0200)
This is a follow-up of !10895 where the keystore pointer was removed
from the zone (as not specific to the zone) and moved to the view. But
in order to avoid adding extra lifecycle dependencies from the zone to
the view, the keystore pointer is now moved to the zonemgr, which also
makes more sense as this is a global setting, and zonemgr wraps a bunch
of other global settings to be accessible from the zones.

Because the zonemgr lifecycle is the same of the keystores (which are
both depending on named_g_server) this should be a safe change.

bin/named/server.c
lib/dns/include/dns/view.h
lib/dns/include/dns/zone.h
lib/dns/update.c
lib/dns/zone.c

index d95256f668cc91d8af0aa48882a82b4f91d28540..e93d252c1d0502850f55c4289db1669dbba5e7d4 100644 (file)
@@ -3795,9 +3795,8 @@ static isc_result_t
 configure_view(dns_view_t *view, dns_viewlist_t *viewlist, cfg_obj_t *config,
               cfg_obj_t *vconfig, named_cachelist_t *cachelist,
               named_cachelist_t *oldcachelist, dns_kasplist_t *kasplist,
-              dns_keystorelist_t *keystores, const cfg_obj_t *bindkeys,
-              isc_mem_t *mctx, cfg_aclconfctx_t *actx, bool need_hints,
-              bool first_time) {
+              const cfg_obj_t *bindkeys, isc_mem_t *mctx,
+              cfg_aclconfctx_t *actx, bool need_hints, bool first_time) {
        const cfg_obj_t *maps[4];
        const cfg_obj_t *cfgmaps[3];
        const cfg_obj_t *optionmaps[3];
@@ -3860,8 +3859,6 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist, cfg_obj_t *config,
 
        REQUIRE(DNS_VIEW_VALID(view));
 
-       view->keystores = keystores;
-
        if (config != NULL) {
                (void)cfg_map_get(config, "options", &options);
        }
@@ -8600,12 +8597,8 @@ apply_configuration(cfg_parser_t *configparser, cfg_obj_t *config,
        dns_kasp_detach(&default_kasp);
 
        /*
-        * Save keystore list and kasp list.
+        * Save kasp list.
         */
-       tmpkeystorelist = server->keystorelist;
-       server->keystorelist = keystorelist;
-       keystorelist = tmpkeystorelist;
-
        tmpkasplist = server->kasplist;
        server->kasplist = kasplist;
        kasplist = tmpkasplist;
@@ -8675,11 +8668,10 @@ apply_configuration(cfg_parser_t *configparser, cfg_obj_t *config,
                        goto cleanup_cachelist;
                }
 
-               result = configure_view(
-                       view, &viewlist, config, vconfig, &cachelist,
-                       &server->cachelist, &server->kasplist,
-                       &server->keystorelist, bindkeys, isc_g_mctx,
-                       named_g_aclconfctx, true, first_time);
+               result = configure_view(view, &viewlist, config, vconfig,
+                                       &cachelist, &server->cachelist,
+                                       &server->kasplist, bindkeys, isc_g_mctx,
+                                       named_g_aclconfctx, true, first_time);
                if (result != ISC_R_SUCCESS) {
                        dns_view_detach(&view);
                        goto cleanup_cachelist;
@@ -8698,11 +8690,10 @@ apply_configuration(cfg_parser_t *configparser, cfg_obj_t *config,
                if (result != ISC_R_SUCCESS) {
                        goto cleanup_cachelist;
                }
-               result = configure_view(
-                       view, &viewlist, config, NULL, &cachelist,
-                       &server->cachelist, &server->kasplist,
-                       &server->keystorelist, bindkeys, isc_g_mctx,
-                       named_g_aclconfctx, true, first_time);
+               result = configure_view(view, &viewlist, config, NULL,
+                                       &cachelist, &server->cachelist,
+                                       &server->kasplist, bindkeys, isc_g_mctx,
+                                       named_g_aclconfctx, true, first_time);
                if (result != ISC_R_SUCCESS) {
                        dns_view_detach(&view);
                        goto cleanup_cachelist;
@@ -8726,11 +8717,10 @@ apply_configuration(cfg_parser_t *configparser, cfg_obj_t *config,
                        goto cleanup_cachelist;
                }
 
-               result = configure_view(
-                       view, &viewlist, config, vconfig, &cachelist,
-                       &server->cachelist, &server->kasplist,
-                       &server->keystorelist, bindkeys, isc_g_mctx,
-                       named_g_aclconfctx, false, first_time);
+               result = configure_view(view, &viewlist, config, vconfig,
+                                       &cachelist, &server->cachelist,
+                                       &server->kasplist, bindkeys, isc_g_mctx,
+                                       named_g_aclconfctx, false, first_time);
                if (result != ISC_R_SUCCESS) {
                        dns_view_detach(&view);
                        goto cleanup_cachelist;
@@ -9124,6 +9114,18 @@ apply_configuration(cfg_parser_t *configparser, cfg_obj_t *config,
        server->sctx->altsecrets = altsecrets;
        altsecrets = tmpaltsecrets;
 
+       /*
+        * Swap the new keystores list with the old one (so the new one will be
+        * used and old one will be cleared).
+        */
+       tmpkeystorelist = server->keystorelist;
+       server->keystorelist = keystorelist;
+       keystorelist = tmpkeystorelist;
+       if (first_time) {
+               dns_zonemgr_setkeystores(server->zonemgr,
+                                        &server->keystorelist);
+       }
+
        (void)named_server_loadnta(server);
 
        /*
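Review bot: The zonemgr is handed `&server->keystorelist` only when `first_time` is set, so every later reload depends on the swap just above it updating the contents of the very list object the zonemgr already points to; nothing in the hunk says so, and a reader could easily "fix" the `first_time` guard away or replace the in-place swap with a reassignment of a different list. I would add above the `if (first_time)` the comment `/* The zonemgr stores a pointer to server->keystorelist itself, not to its current contents; later reloads only need to swap the contents in place above, so the handover happens once. */`. Note also that the swap now runs after the views and their zones have been configured in this call (the removed code at the earlier hunk did it before), so on first configuration `dns_zone_getkeystores()` returns NULL until this point, and on reloads the old list is torn down while zones already refer to the swapped list; if any zone key lookup can run concurrently with or before this block, that ordering is worth confirming, as no lock is visible here. `apply_configuration` begins and ends outside the hunk.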
index f6b9f71841bc6d29af27b5b9f7ca988d0fc7429f..d536cccbd3ebbb165d101d06f16c49a5f1bcc437 100644 (file)
 
 struct dns_view {
        /* Unlocked. */
-       unsigned int        magic;
-       isc_mem_t          *mctx;
-       dns_rdataclass_t    rdclass;
-       char               *name;
-       dns_zt_t           *zonetable;
-       dns_resolver_t     *resolver;
-       dns_adb_t          *adb;
-       dns_requestmgr_t   *requestmgr;
-       dns_dispatchmgr_t  *dispatchmgr;
-       dns_cache_t        *cache;
-       dns_db_t           *cachedb;
-       dns_db_t           *hints;
-       dns_keystorelist_t *keystores;
+       unsigned int       magic;
+       isc_mem_t         *mctx;
+       dns_rdataclass_t   rdclass;
+       char              *name;
+       dns_zt_t          *zonetable;
+       dns_resolver_t    *resolver;
+       dns_adb_t         *adb;
+       dns_requestmgr_t  *requestmgr;
+       dns_dispatchmgr_t *dispatchmgr;
+       dns_cache_t       *cache;
+       dns_db_t          *cachedb;
+       dns_db_t          *hints;
 
        /*
         * security roots and negative trust anchors.
index 0497eb57332763794a6562d58a8a1ae451424a60..a7ce45596493b8d41cec2c308fa715f9756f7368 100644 (file)
@@ -2736,6 +2736,24 @@ dns_zone_getzoneversion(dns_zone_t *zone, isc_buffer_t *b);
  * \li ISC_R_FAILURE other failure.
  */
 
+void
+dns_zonemgr_setkeystores(dns_zonemgr_t *zmgr, dns_keystorelist_t *keystores);
+/**<
+ * Set the global setting keystores into the zonemgr, so it can be used from the
+ * DNS code.
+ *
+ * Requires:
+ * \li 'zmgr' to be a valid.
+ * \li  'keystores' to be a valid.
+ */
+
+dns_keystorelist_t *
+dns_zone_getkeystores(dns_zone_t *zone);
+/**<
+ * Get the keystores pointer, it should never be NULL once the server is
+ * initialized.
+ */
+
 #if DNS_ZONE_TRACE
 #define dns_zone_ref(ptr)   dns_zone__ref(ptr, __func__, __FILE__, __LINE__)
 #define dns_zone_unref(ptr) dns_zone__unref(ptr, __func__, __FILE__, __LINE__)
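Review bot: The Requires clause of `dns_zonemgr_setkeystores` is missing its nouns ("'zmgr' to be a valid.", "'keystores' to be a valid."); it should read `\li 'zmgr' to be a valid zone manager.` and `\li 'keystores' to be a valid keystore list.`, and the stray double space before 'keystores' should go. The comment should also state the ownership contract the implementation implies: the zonemgr only stores the pointer and does not take ownership, so the caller must keep the list alive for the lifetime of the zonemgr (the server.c caller satisfies this by passing a pointer into its own struct). `dns_zone_getkeystores` has no Requires clause at all; it should require 'zone' to be a valid zone that is already attached to a zone manager, since the implementation reads `zone->zmgr` unconditionally, and the "never be NULL once the server is initialized" remark should say what callers may assume before that point.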
index 911f6a3ebafb1bb0814a7870f3aef0dcfe55eeb1..c5a749e503652a6804fc512bee158ee5440c04bc 100644 (file)
@@ -1031,7 +1031,7 @@ find_zone_keys(dns_zone_t *zone, isc_mem_t *mctx, unsigned int maxkeys,
 
        kasp = dns_zone_getkasp(zone);
        keydir = dns_zone_getkeydirectory(zone);
-       keystores = dns_zone_getview(zone)->keystores;
+       keystores = dns_zone_getkeystores(zone);
 
        dns_zone_lock_keyfiles(zone);
        result = dns_dnssec_findmatchingkeys(dns_zone_getorigin(zone), kasp,
index 7277d9849e14ea270f55288ee5b5cba357174817..8ffaeb7982e9ba0e00d3d931294e00025f0211ec 100644 (file)
@@ -637,6 +637,7 @@ struct dns_zonemgr {
        unsigned int startupnotifyrate;
        unsigned int serialqueryrate;
        unsigned int startupserialqueryrate;
+       dns_keystorelist_t *keystores;
 
        dns_keymgmt_t *keymgmt;
 
@@ -6854,7 +6855,7 @@ dns_zone_getdnsseckeys(dns_zone_t *zone, dns_db_t *db, dns_dbversion_t *ver,
        /* Get keys from private key files. */
        dns_zone_lock_keyfiles(zone);
        result = dns_dnssec_findmatchingkeys(origin, kasp, dir,
-                                            zone->view->keystores, now,
+                                            dns_zone_getkeystores(zone), now,
                                             dns_zone_getmctx(zone), keys);
        dns_zone_unlock_keyfiles(zone);
 
@@ -16693,7 +16694,7 @@ dns_zone_dnskey_inuse(dns_zone_t *zone, dns_rdata_t *rdata, bool *inuse) {
 
        kasp = dns_zone_getkasp(zone);
        keydir = dns_zone_getkeydirectory(zone);
-       keystores = zone->view->keystores;
+       keystores = dns_zone_getkeystores(zone);
 
        dns_zone_lock_keyfiles(zone);
        result = dns_dnssec_findmatchingkeys(dns_zone_getorigin(zone), kasp,
@@ -19804,6 +19805,16 @@ dns_zonemgr_setstartupnotifyrate(dns_zonemgr_t *zmgr, unsigned int value) {
        setrl(zmgr->startupnotifyrl, &zmgr->startupnotifyrate, value);
 }
 
+void
+dns_zonemgr_setkeystores(dns_zonemgr_t *zmgr, dns_keystorelist_t *keystores) {
+       zmgr->keystores = keystores;
+}
+
+dns_keystorelist_t *
+dns_zone_getkeystores(dns_zone_t *zone) {
+       return zone->zmgr->keystores;
+}
+
 void
 dns_zonemgr_setserialqueryrate(dns_zonemgr_t *zmgr, unsigned int value) {
        REQUIRE(DNS_ZONEMGR_VALID(zmgr));
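Review bot: `dns_zonemgr_setkeystores` and `dns_zone_getkeystores` dereference their arguments without the argument checks every neighbouring accessor performs (`dns_zonemgr_setserialqueryrate` just below opens with `REQUIRE(DNS_ZONEMGR_VALID(zmgr));`), even though the new header text promises a valid manager and keystore list. `dns_zone_getkeystores` additionally reads `zone->zmgr` with no guard, so a zone that has not yet been handed to a manager would crash inside the getter rather than at a REQUIRE; if such a call is possible, the function should either REQUIRE it or return NULL and document that. I would add `REQUIRE(DNS_ZONEMGR_VALID(zmgr));` at the top of the setter and `REQUIRE(DNS_ZONE_VALID(zone));` plus `REQUIRE(zone->zmgr != NULL);` at the top of the getter. The field is a plain pointer read from zone code without any lock; if it is written only once during initial configuration before zones are loaded, a one-line comment on the setter stating that would justify the lock-free reads.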
@@ -22392,8 +22403,8 @@ zone_rekey(dns_zone_t *zone) {
 
        dns_zone_lock_keyfiles(zone);
        result = dns_dnssec_findmatchingkeys(&zone->origin, kasp, dir,
-                                            zone->view->keystores, now, mctx,
-                                            &keys);
+                                            dns_zone_getkeystores(zone), now,
+                                            mctx, &keys);
        dns_zone_unlock_keyfiles(zone);
 
        if (result != ISC_R_SUCCESS) {