return (result);
}
-static isc_result_t
-update_sigs(dns_diff_t *diff, dns_db_t *db, dns_dbversion_t *version,
- dst_key_t *zone_keys[], unsigned int nkeys, dns_zone_t *zone,
- isc_stdtime_t inception, isc_stdtime_t expire,
- isc_stdtime_t keyexpire, isc_stdtime_t now,
- isc_boolean_t check_ksk, isc_boolean_t keyset_kskonly,
- dns__zonediff_t *zonediff)
+/*%
+ * Add/remove DNSSEC signatures for the list of "raw" zone changes supplied in
+ * 'diff'. Gradually remove tuples from 'diff' and append them to 'zonediff'
+ * along with tuples representing relevant signature changes.
+ */
+isc_result_t
+dns__zone_updatesigs(dns_diff_t *diff, dns_db_t *db, dns_dbversion_t *version,
+ dst_key_t *zone_keys[], unsigned int nkeys,
+ dns_zone_t *zone, isc_stdtime_t inception,
+ isc_stdtime_t expire, isc_stdtime_t keyexpire,
+ isc_stdtime_t now, isc_boolean_t check_ksk,
+ isc_boolean_t keyset_kskonly, dns__zonediff_t *zonediff)
{
dns_difftuple_t *tuple;
isc_result_t result;
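Review bot: The new header comment on `dns__zone_updatesigs()` does not say what state the caller is left with on failure, which matters now that the function is no longer `static`. The comment states that tuples are gradually moved from 'diff' to 'zonediff', and the error paths visible later in this diff simply `return (result)`, so both diffs are presumably left partially processed. I would add a line such as ` * On failure, 'diff' and 'zonediff' may both be left partially updated; the caller is expected to discard them.` if that matches the intended contract. The comment should also say what a `keyexpire` of 0 means, since several callers below pass it. The function body continues outside this hunk.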
zone_keys, nkeys, now, ISC_FALSE);
if (result != ISC_R_SUCCESS) {
dns_zone_log(zone, ISC_LOG_ERROR,
- "update_sigs:del_sigs -> %s",
+ "dns__zone_updatesigs:del_sigs -> %s",
dns_result_totext(result));
return (result);
}
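Review bot: The error-log text changes here from `update_sigs:del_sigs -> %s` to `dns__zone_updatesigs:del_sigs -> %s`, and the same prefix change is made in the add_sigs, zone_nsec3chain, zone_sign and sign_apex messages in the later hunks. Any log filter or alert that matches the old string will silently stop firing on DNSSEC signing failures. If operators are expected to watch for these errors, the change deserves a release-note line such as `Signing-failure log messages now name dns__zone_updatesigs instead of update_sigs.` The enclosing function starts and ends outside this hunk.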
exp, check_ksk, keyset_kskonly);
if (result != ISC_R_SUCCESS) {
dns_zone_log(zone, ISC_LOG_ERROR,
- "update_sigs:add_sigs -> %s",
+ "dns__zone_updatesigs:add_sigs -> %s",
dns_result_totext(result));
return (result);
}
*
* Note that the "signatures" variable is only used here to limit the
* amount of work performed. Actual DNSSEC signatures are only
- * generated by update_sigs() calls later in this function.
+ * generated by dns__zone_updatesigs() calls later in this function.
*/
while (nsec3chain != NULL && nodes-- > 0 && signatures > 0) {
LOCK_ZONE(zone);
*/
if (nsec3chain != NULL)
dns_dbiterator_pause(nsec3chain->dbiterator);
- result = update_sigs(&nsec3_diff, db, version, zone_keys,
- nkeys, zone, inception, expire, 0, now,
- check_ksk, keyset_kskonly, &zonediff);
+ result = dns__zone_updatesigs(&nsec3_diff, db, version, zone_keys,
+ nkeys, zone, inception, expire, 0, now,
+ check_ksk, keyset_kskonly, &zonediff);
if (result != ISC_R_SUCCESS) {
dns_zone_log(zone, ISC_LOG_ERROR, "zone_nsec3chain:"
- "update_sigs -> %s", dns_result_totext(result));
+ "dns__zone_updatesigs -> %s",
+ dns_result_totext(result));
goto failure;
}
* We have changed the NSEC3PARAM or private RRsets
* above so we need to update the signatures.
*/
- result = update_sigs(¶m_diff, db, version, zone_keys,
- nkeys, zone, inception, expire, 0, now,
- check_ksk, keyset_kskonly, &zonediff);
+ result = dns__zone_updatesigs(¶m_diff, db, version, zone_keys,
+ nkeys, zone, inception, expire, 0, now,
+ check_ksk, keyset_kskonly, &zonediff);
if (result != ISC_R_SUCCESS) {
dns_zone_log(zone, ISC_LOG_ERROR, "zone_nsec3chain:"
- "update_sigs -> %s", dns_result_totext(result));
+ "dns__zone_updatesigs -> %s",
+ dns_result_totext(result));
goto failure;
}
}
}
- result = update_sigs(&nsec_diff, db, version, zone_keys,
- nkeys, zone, inception, expire, 0, now,
- check_ksk, keyset_kskonly, &zonediff);
+ result = dns__zone_updatesigs(&nsec_diff, db, version, zone_keys,
+ nkeys, zone, inception, expire, 0, now,
+ check_ksk, keyset_kskonly, &zonediff);
if (result != ISC_R_SUCCESS) {
dns_zone_log(zone, ISC_LOG_ERROR, "zone_nsec3chain:"
- "update_sigs -> %s", dns_result_totext(result));
+ "dns__zone_updatesigs -> %s",
+ dns_result_totext(result));
goto failure;
}
}
if (ISC_LIST_HEAD(post_diff.tuples) != NULL) {
- result = update_sigs(&post_diff, db, version, zone_keys,
- nkeys, zone, inception, expire, 0, now,
- check_ksk, keyset_kskonly, &zonediff);
+ result = dns__zone_updatesigs(&post_diff, db, version,
+ zone_keys, nkeys, zone,
+ inception, expire, 0, now,
+ check_ksk, keyset_kskonly,
+ &zonediff);
if (result != ISC_R_SUCCESS) {
dns_zone_log(zone, ISC_LOG_ERROR, "zone_sign:"
- "update_sigs -> %s",
+ "dns__zone_updatesigs -> %s",
dns_result_totext(result));
goto failure;
}
keyset_kskonly = DNS_ZONE_OPTION(zone, DNS_ZONEOPT_DNSKEYKSKONLY);
/*
- * See if update_sigs will update DNSKEY signature and if not
- * cause them to sign so that so that newly activated keys
- * are used.
+ * See if dns__zone_updatesigs() will update DNSKEY signature and if
+ * not cause them to sign so that newly activated keys are used.
*/
for (tuple = ISC_LIST_HEAD(diff->tuples);
tuple != NULL;
}
}
- result = update_sigs(diff, db, ver, zone_keys, nkeys, zone,
- inception, soaexpire, keyexpire, now,
- check_ksk, keyset_kskonly, zonediff);
+ result = dns__zone_updatesigs(diff, db, ver, zone_keys, nkeys, zone,
+ inception, soaexpire, keyexpire, now,
+ check_ksk, keyset_kskonly, zonediff);
if (result != ISC_R_SUCCESS) {
dns_zone_log(zone, ISC_LOG_ERROR,
- "sign_apex:update_sigs -> %s",
+ "sign_apex:dns__zone_updatesigs -> %s",
dns_result_totext(result));
goto failure;
}