isc_result_t ret;
isc_buffer_t *databuf = NULL;
char data[256 + 8];
- uint32_t flags;
unsigned int sigsize;
dns_fixedname_t fnewname;
dns_fixedname_t fsigner;
return DNS_R_INVALIDTIME;
}
- /*
- * Is the key allowed to sign data?
- */
- flags = dst_key_flags(key);
- if ((flags & DNS_KEYTYPE_NOAUTH) != 0) {
- return DNS_R_KEYUNAUTHORIZED;
- }
- if ((flags & DNS_KEYFLAG_OWNERMASK) != DNS_KEYOWNER_ZONE) {
- return DNS_R_KEYUNAUTHORIZED;
- }
-
sig.mctx = mctx;
sig.common.rdclass = set->rdclass;
sig.common.rdtype = dns_rdatatype_rrsig;
unsigned char data[300];
dst_context_t *ctx = NULL;
int labels = 0;
- uint32_t flags;
bool downcase = false;
REQUIRE(name != NULL);
break;
}
- /*
- * Is the key allowed to sign data?
- */
- flags = dst_key_flags(key);
- if ((flags & DNS_KEYTYPE_NOAUTH) != 0) {
- inc_stat(dns_dnssecstats_fail);
- return DNS_R_KEYUNAUTHORIZED;
- }
- if ((flags & DNS_KEYFLAG_OWNERMASK) != DNS_KEYOWNER_ZONE) {
- inc_stat(dns_dnssecstats_fail);
- return DNS_R_KEYUNAUTHORIZED;
- }
-
again:
ret = dst_context_create(key, mctx, DNS_LOGCATEGORY_DNSSEC, false,
maxbits, &ctx);
RETERR(dns_dnssec_keyfromrdata(origin, &rdata, mctx, &dnskey));
dst_key_setttl(dnskey, keys.ttl);
- if (!is_zone_key(dnskey) ||
- (dst_key_flags(dnskey) & DNS_KEYTYPE_NOAUTH) != 0)
- {
+ if (!is_zone_key(dnskey)) {
goto skip;
}
}
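Review bot: After this change `if (!is_zone_key(dnskey))` is the only flag test left in this hunk, while the earlier deletion hunks remove the `DNS_KEYFLAG_OWNERMASK` / `DNS_KEYOWNER_ZONE` test along with the NOAUTH one, in what appear to be the signing and verification routines (the blocks returning `DNS_R_KEYUNAUTHORIZED`). RFC 4034 section 2.1.1 says a DNSKEY whose Zone Key bit is clear must not be used to verify RRSIGs, so every caller of the verification routine now has to reject such keys itself. That is not visible in this diff and should be confirmed, or the owner-mask half of the removed check kept in the verification path. A comment at this site such as `/* Non-zone keys are filtered here; sign/verify no longer check key flags. */` would record where the responsibility now sits. The enclosing function starts and ends outside the hunk.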
RETERR(result);
- /* This should never happen. */
- if ((dst_key_flags(privkey) & DNS_KEYTYPE_NOAUTH) != 0) {
- goto skip;
- }
-
/*
* Whatever the key's default TTL may have
* been, the rdataset TTL takes priority.
result = dns_rdata_tostruct(&tuple->rdata, &dnskey, NULL);
RUNTIME_CHECK(result == ISC_R_SUCCESS);
- if ((dnskey.flags & (DNS_KEYFLAG_OWNERMASK |
- DNS_KEYTYPE_NOAUTH)) != DNS_KEYOWNER_ZONE)
+ if ((dnskey.flags & DNS_KEYFLAG_OWNERMASK) != DNS_KEYOWNER_ZONE)
{
ISC_LIST_UNLINK(diff->tuples, tuple, link);
ISC_LIST_APPEND(tuples, tuple, link);
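Review bot: The narrowed test `(dnskey.flags & DNS_KEYFLAG_OWNERMASK) != DNS_KEYOWNER_ZONE` carries no comment saying that the former key-type bits are now ignored on purpose. A DNSKEY with the old NOAUTH bit set and the zone owner bits set was previously moved to `tuples` and is now left in `diff->tuples` as an ordinary zone key. I would add `/* Only the owner bits decide; the old NOAUTH/NOCONF type bits are ignored. */` above the `if`, and a test case with such a key would pin the new behaviour. The enclosing loop and function lie outside the hunk.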