From: Evan Hunt Date: Tue, 17 Sep 2019 04:06:23 +0000 (-0700) Subject: allow DS trust anchors to be set in keytable X-Git-Tag: v9.15.6~7^2~8 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=854af5a353eb97d1a0ca840dea45ac1305a29dd2;p=thirdparty%2Fbind9.git allow DS trust anchors to be set in keytable note: this is a frankensteinian kluge which needs further refactoring. the keytable started as an RBT where the node->data points to a list of dns_keynode structures, each of which points to a single dst_key. later it was modified so that the list could instead point to a single "null" keynode structure, which does not reference a key; this means a trust anchor has been configured but the RFC 5011 refresh failed. in this branch it is further updated to allow the first keynode in the list to point to an rdatalist of DS-style trust anchors. these will be used by the validator to populate 'val->dsset' when validating a zone key. a DS style trust anchor can be updated as a result of RFC 5011 processing to contain DST keys instead; this results in the DS list being freed. the reverse is not possible; attempting to add a DS-style trust anchor if a key-style trust anchor is already in place results in an error. later, this should be refactored to use rdatalists for both DS-style and key-style trust anchors, but we're keeping the existing code for old-style trust anchors for now. --- diff --git a/bin/named/server.c b/bin/named/server.c index d6f912cbfbc..1b63900bd9e 100644 --- a/bin/named/server.c +++ b/bin/named/server.c @@ -1017,7 +1017,9 @@ process_key(const cfg_obj_t *key, dns_keytable_t *secroots, * 'managed' and 'initializing' arguments to dns_keytable_add(). */ result = dns_keytable_add(secroots, initializing, - initializing, &dstkey); + initializing, keyname, + dstkey != NULL ? &dstkey : NULL, + ds); done: /* @@ -1030,7 +1032,7 @@ process_key(const cfg_obj_t *key, dns_keytable_t *secroots, } /* - * Ensure 'ds' does not leak. + * Free 'ds'. */ if (ds != NULL) { dns_rdata_freestruct(ds); diff --git a/lib/dns/client.c b/lib/dns/client.c index 48ed6aa88c9..971c4e3af26 100644 --- a/lib/dns/client.c +++ b/lib/dns/client.c @@ -1507,7 +1507,8 @@ dns_client_addtrustedkey(dns_client_t *client, dns_rdataclass_t rdclass, if (result != ISC_R_SUCCESS) goto cleanup; - result = dns_keytable_add(secroots, false, false, &dstkey); + result = dns_keytable_add(secroots, false, false, + dst_key_name(dstkey), &dstkey, NULL); cleanup: if (dstkey != NULL) diff --git a/lib/dns/include/dns/keytable.h b/lib/dns/include/dns/keytable.h index 66fc5c1a84c..0a68cb037c1 100644 --- a/lib/dns/include/dns/keytable.h +++ b/lib/dns/include/dns/keytable.h @@ -42,6 +42,7 @@ #include #include +#include #include #include @@ -105,10 +106,14 @@ dns_keytable_detach(dns_keytable_t **keytablep); */ isc_result_t -dns_keytable_add(dns_keytable_t *keytable, bool managed, - bool initial, dst_key_t **keyp); +dns_keytable_add(dns_keytable_t *keytable, + bool managed, bool initial, + dns_name_t *name, dst_key_t **keyp, dns_rdata_ds_t *ds); /*%< - * Add '*keyp' to 'keytable' (using the name in '*keyp'). + * Add a key to 'keytable'. The keynode associated with 'name' + * is updated with either the key referenced in '*keyp' + * or with the DS specified in 'ds'. + * * The value of keynode->managed is set to 'managed', and the * value of keynode->initial is set to 'initial'. (Note: 'initial' * should only be used when adding managed-keys from configuration. @@ -119,6 +124,12 @@ dns_keytable_add(dns_keytable_t *keytable, bool managed, * Notes: * *\li Ownership of *keyp is transferred to the keytable. + *\li If 'keyp' is not NULL and DS-style keys already exist + * in the table for this name, they are freed before adding + * the new key. + *\li If 'ds' is not NULL and key-style keys already exist + * in the table for this name, return ISC_R_EXISTS. DS keys + * can be updated to key-style, but not vice versa. *\li If the key already exists in the table, ISC_R_EXISTS is * returned and the new key is freed. * @@ -407,6 +418,19 @@ dns_keynode_key(dns_keynode_t *keynode); * Get the DST key associated with keynode. */ +dns_rdataset_t * +dns_keynode_dsset(dns_keynode_t *keynode); +/*%< + * Return a pointer to the DS RRset associated with 'keynode'. + * + * Returns: + *\li ISC_R_SUCCESS + *\li ISC_R_FAILURE if the keynode does not contain a DS trust anchor. + * + * Requires: + *\li 'keynode' is valid. + */ + bool dns_keynode_managed(dns_keynode_t *keynode); /*%< diff --git a/lib/dns/keytable.c b/lib/dns/keytable.c index a154699d452..55aecc28926 100644 --- a/lib/dns/keytable.c +++ b/lib/dns/keytable.c @@ -24,6 +24,10 @@ #include #include #include +#include +#include +#include +#include #include #define KEYTABLE_MAGIC ISC_MAGIC('K', 'T', 'b', 'l') @@ -46,10 +50,12 @@ struct dns_keytable { struct dns_keynode { unsigned int magic; isc_refcount_t refcount; - dst_key_t * key; + dst_key_t *key; + dns_rdatalist_t *dslist; + dns_rdataset_t dsset; bool managed; bool initial; - struct dns_keynode * next; + struct dns_keynode *next; }; static void @@ -135,12 +141,32 @@ dns_keytable_detach(dns_keytable_t **keytablep) { } } +static void +free_dslist(isc_mem_t *mctx, dns_keynode_t *knode) { + dns_rdata_t *rdata = NULL; + + for (rdata = ISC_LIST_HEAD(knode->dslist->rdata); + rdata != NULL; + rdata = ISC_LIST_HEAD(knode->dslist->rdata)) + { + ISC_LIST_UNLINK(knode->dslist->rdata, rdata, link); + isc_mem_put(mctx, rdata->data, DNS_DS_BUFFERSIZE); + isc_mem_put(mctx, rdata, sizeof(*rdata)); + } + + isc_mem_put(mctx, knode->dslist, sizeof(*knode->dslist)); + knode->dslist = NULL; +} + /*% - * Search "node" for either a null key node or a key node for the exact same - * key as the one supplied in "keyp" and, if found, update it accordingly. + * Search "node" for an empty or DS-style keynode, or a keynode for the + * exact same key as the one supplied in "keyp" and, if found, update it + * accordingly. */ static isc_result_t -update_keynode(dst_key_t **keyp, dns_rbtnode_t *node, bool initial) { +update_keynode(dns_keytable_t *keytable, dns_rbtnode_t *node, + dst_key_t **keyp, bool initial) +{ dns_keynode_t *knode; REQUIRE(keyp != NULL && *keyp != NULL); @@ -149,13 +175,17 @@ update_keynode(dst_key_t **keyp, dns_rbtnode_t *node, bool initial) { for (knode = node->data; knode != NULL; knode = knode->next) { if (knode->key == NULL) { /* - * Null key node found. Attach the supplied key to it, - * making it a non-null key node and transferring key + * Null or DS-style keynode found. Detach + * the DS rdatalist if present. Attach the + * supplied key to it, transferring key * ownership to the keytable. */ + if (knode->dslist != NULL) { + free_dslist(keytable->mctx, knode); + } + knode->key = *keyp; *keyp = NULL; - return (ISC_R_SUCCESS); } else if (dst_key_compare(knode->key, *keyp)) { /* * Key node found for the supplied key. Free the @@ -163,11 +193,15 @@ update_keynode(dst_key_t **keyp, dns_rbtnode_t *node, bool initial) { * node's flags if necessary. */ dst_key_free(keyp); - if (!initial) { - dns_keynode_trust(knode); - } - return (ISC_R_SUCCESS); + } else { + continue; } + + if (!initial) { + dns_keynode_trust(knode); + } + + return (ISC_R_SUCCESS); } return (ISC_R_NOTFOUND); @@ -179,9 +213,9 @@ update_keynode(dst_key_t **keyp, dns_rbtnode_t *node, bool initial) { * one attached to "node" in "keytable". */ static isc_result_t -prepend_keynode(dst_key_t **keyp, dns_rbtnode_t *node, - dns_keytable_t *keytable, bool managed, - bool initial) +prepend_keynode(dst_key_t **keyp, dns_rdata_ds_t *ds, + dns_rbtnode_t *node, dns_keytable_t *keytable, + bool managed, bool initial) { dns_keynode_t *knode = NULL; isc_result_t result; @@ -196,15 +230,60 @@ prepend_keynode(dst_key_t **keyp, dns_rbtnode_t *node, } /* - * If a key was supplied, transfer its ownership to the keytable. + * If a dst_key was supplied, transfer its ownership to the keytable. + * Otherwise, if a DS was supplied, append it to the rdatalist + * (initializing if necessary). */ - if (keyp) { + if (keyp != NULL) { + if (knode->dslist != NULL) { + free_dslist(keytable->mctx, knode); + } knode->key = *keyp; *keyp = NULL; + } else if (ds != NULL) { + dns_rdata_t *rdata = NULL; + void *data = NULL; + isc_buffer_t b; + + if (knode->dslist == NULL) { + knode->dslist = isc_mem_get(keytable->mctx, + sizeof(*knode->dslist)); + dns_rdatalist_init(knode->dslist); + knode->dslist->rdclass = dns_rdataclass_in; + knode->dslist->type = dns_rdatatype_ds; + knode->dslist->ttl = 0; + } + + rdata = isc_mem_get(keytable->mctx, sizeof(*rdata)); + dns_rdata_init(rdata); + + data = isc_mem_get(keytable->mctx, DNS_DS_BUFFERSIZE); + isc_buffer_init(&b, data, DNS_DS_BUFFERSIZE); + + result = dns_rdata_fromstruct(rdata, dns_rdataclass_in, + dns_rdatatype_ds, ds, &b); + if (result != ISC_R_SUCCESS) { + return (result); + } + + ISC_LIST_APPEND(knode->dslist->rdata, rdata, link); + + if (dns_rdataset_isassociated(&knode->dsset)) { + dns_rdataset_disassociate(&knode->dsset); + } + + result = dns_rdatalist_tordataset(knode->dslist, + &knode->dsset); + if (result != ISC_R_SUCCESS) { + return (result); + } + + knode->dsset.trust = dns_trust_ultimate; } knode->managed = managed; knode->initial = initial; + knode->next = node->data; node->data = knode; @@ -219,7 +298,7 @@ prepend_keynode(dst_key_t **keyp, dns_rbtnode_t *node, */ static isc_result_t insert(dns_keytable_t *keytable, bool managed, bool initial, - const dns_name_t *keyname, dst_key_t **keyp) + const dns_name_t *keyname, dst_key_t **keyp, dns_rdata_ds_t *ds) { dns_rbtnode_t *node = NULL; isc_result_t result; @@ -232,17 +311,17 @@ insert(dns_keytable_t *keytable, bool managed, bool initial, if (result == ISC_R_SUCCESS) { /* * There was no node for "keyname" in "keytable" yet, so one - * was created. Create a new key node for the supplied key (or - * a null key node if "keyp" is NULL) and attach it to the - * created node. + * was created. Create a new key node for the supplied + * trust anchor (or a null key node if both "keyp" and + * "ds" are NULL) and attach it to the created node. */ - result = prepend_keynode(keyp, node, keytable, managed, - initial); + result = prepend_keynode(keyp, ds, node, keytable, + managed, initial); } else if (result == ISC_R_EXISTS) { /* * A node already exists for "keyname" in "keytable". */ - if (keyp == NULL) { + if (keyp == NULL && ds == NULL) { /* * We were told to add a null key at "keyname", which * means there is nothing left to do as there is either @@ -252,7 +331,7 @@ insert(dns_keytable_t *keytable, bool managed, bool initial, * "keyname" is already marked as secure. */ result = ISC_R_SUCCESS; - } else { + } else if (keyp != NULL) { /* * We were told to add the key supplied in "keyp" at * "keyname". Try to find an already existing key node @@ -260,7 +339,7 @@ insert(dns_keytable_t *keytable, bool managed, bool initial, * node or a key node for the exact same key) and, if * found, update it accordingly. */ - result = update_keynode(keyp, node, initial); + result = update_keynode(keytable, node, keyp, initial); if (result == ISC_R_NOTFOUND) { /* * The node for "keyname" only contains key @@ -268,9 +347,13 @@ insert(dns_keytable_t *keytable, bool managed, bool initial, * one. Create a new key node for the supplied * key and prepend it before the others. */ - result = prepend_keynode(keyp, node, keytable, + result = prepend_keynode(keyp, NULL, + node, keytable, managed, initial); } + } else if (ds != NULL) { + result = prepend_keynode(NULL, ds, node, keytable, + managed, initial); } } @@ -280,17 +363,19 @@ insert(dns_keytable_t *keytable, bool managed, bool initial, } isc_result_t -dns_keytable_add(dns_keytable_t *keytable, bool managed, - bool initial, dst_key_t **keyp) +dns_keytable_add(dns_keytable_t *keytable, + bool managed, bool initial, + dns_name_t *name, dst_key_t **keyp, dns_rdata_ds_t *ds) { - REQUIRE(keyp != NULL && *keyp != NULL); + REQUIRE(keyp == NULL || *keyp != NULL); + REQUIRE(keyp != NULL || ds != NULL); REQUIRE(!initial || managed); - return (insert(keytable, managed, initial, dst_key_name(*keyp), keyp)); + return (insert(keytable, managed, initial, name, keyp, ds)); } isc_result_t dns_keytable_marksecure(dns_keytable_t *keytable, const dns_name_t *name) { - return (insert(keytable, true, false, name, NULL)); + return (insert(keytable, true, false, name, NULL, NULL)); } isc_result_t @@ -420,8 +505,9 @@ dns_keytable_nextkeynode(dns_keytable_t *keytable, dns_keynode_t *keynode, REQUIRE(VALID_KEYNODE(keynode)); REQUIRE(nextnodep != NULL && *nextnodep == NULL); - if (keynode->next == NULL) + if (keynode->next == NULL) { return (ISC_R_NOTFOUND); + } dns_keynode_attach(keynode->next, nextnodep); isc_refcount_increment(&keytable->active_nodes); @@ -459,25 +545,29 @@ dns_keytable_findkeynode(dns_keytable_t *keytable, const dns_name_t *name, knode = NULL; data = NULL; result = dns_rbt_findname(keytable->table, name, 0, NULL, &data); - if (result == ISC_R_SUCCESS) { INSIST(data != NULL); + for (knode = data; knode != NULL; knode = knode->next) { if (knode->key == NULL) { knode = NULL; break; } - if (algorithm == dst_key_alg(knode->key) - && tag == dst_key_id(knode->key)) + if (algorithm == dst_key_alg(knode->key) && + tag == dst_key_id(knode->key)) + { break; + } } if (knode != NULL) { isc_refcount_increment0(&keytable->active_nodes); dns_keynode_attach(knode, keynodep); - } else + } else { result = DNS_R_PARTIALMATCH; - } else if (result == DNS_R_PARTIALMATCH) + } + } else if (result == DNS_R_PARTIALMATCH) { result = ISC_R_NOTFOUND; + } RWUNLOCK(&keytable->rwlock, isc_rwlocktype_read); @@ -507,14 +597,17 @@ dns_keytable_findnextkeynode(dns_keytable_t *keytable, dns_keynode_t *keynode, } if (dst_key_alg(keynode->key) == dst_key_alg(knode->key) && dst_key_id(keynode->key) == dst_key_id(knode->key)) + { break; + } } if (knode != NULL) { isc_refcount_increment(&keytable->active_nodes); result = ISC_R_SUCCESS; dns_keynode_attach(knode, nextnodep); - } else + } else { result = ISC_R_NOTFOUND; + } return (result); } @@ -539,8 +632,9 @@ dns_keytable_finddeepestmatch(dns_keytable_t *keytable, const dns_name_t *name, data = NULL; result = dns_rbt_findname(keytable->table, name, 0, foundname, &data); - if (result == ISC_R_SUCCESS || result == DNS_R_PARTIALMATCH) + if (result == ISC_R_SUCCESS || result == DNS_R_PARTIALMATCH) { result = ISC_R_SUCCESS; + } RWUNLOCK(&keytable->rwlock, isc_rwlocktype_read); @@ -616,8 +710,9 @@ putstr(isc_buffer_t **b, const char *str) { isc_result_t result; result = isc_buffer_reserve(b, strlen(str)); - if (result != ISC_R_SUCCESS) + if (result != ISC_R_SUCCESS) { return (result); + } isc_buffer_putstr(*b, str); return (ISC_R_SUCCESS); @@ -639,9 +734,9 @@ dns_keytable_dump(dns_keytable_t *keytable, FILE *fp) { if (isc_buffer_usedlength(text) != 0) { (void) putstr(&text, "\n"); - } else if (result == ISC_R_SUCCESS) + } else if (result == ISC_R_SUCCESS) { (void) putstr(&text, "none"); - else { + } else { (void) putstr(&text, "could not dump key table: "); (void) putstr(&text, isc_result_totext(result)); } @@ -653,44 +748,112 @@ dns_keytable_dump(dns_keytable_t *keytable, FILE *fp) { return (result); } +static isc_result_t +keynode_dslist_totext(dns_name_t *name, dns_keynode_t *keynode, + isc_buffer_t **text) +{ + isc_result_t result; + char namebuf[DNS_NAME_FORMATSIZE]; + char obuf[DNS_NAME_FORMATSIZE + 200]; + dns_rdataset_t *dsset = NULL; + + dns_name_format(name, namebuf, sizeof(namebuf)); + + dsset = dns_keynode_dsset(keynode); + + for (result = dns_rdataset_first(dsset); + result == ISC_R_SUCCESS; + result = dns_rdataset_next(dsset)) + { + char algbuf[DNS_SECALG_FORMATSIZE]; + dns_rdata_t rdata = DNS_RDATA_INIT; + dns_rdata_ds_t ds; + + dns_rdataset_current(dsset, &rdata); + result = dns_rdata_tostruct(&rdata, &ds, NULL); + RUNTIME_CHECK(result == ISC_R_SUCCESS); + + dns_secalg_format(ds.algorithm, algbuf, sizeof(algbuf)); + + snprintf(obuf, sizeof(obuf), "%s/%s/%d ; %s%s (DS)\n", + namebuf, algbuf, ds.key_tag, + keynode->initial ? "initializing " : "", + keynode->managed ? "managed" : "static"); + + result = putstr(text, obuf); + if (result != ISC_R_SUCCESS) { + return (result); + } + } + + return (ISC_R_SUCCESS); +} + isc_result_t dns_keytable_totext(dns_keytable_t *keytable, isc_buffer_t **text) { isc_result_t result; dns_keynode_t *knode; dns_rbtnode_t *node; dns_rbtnodechain_t chain; + dns_name_t *foundname, *origin, *fullname; + dns_fixedname_t fixedfoundname, fixedorigin, fixedfullname; REQUIRE(VALID_KEYTABLE(keytable)); REQUIRE(text != NULL && *text != NULL); + origin = dns_fixedname_initname(&fixedorigin); + fullname = dns_fixedname_initname(&fixedfullname); + foundname = dns_fixedname_initname(&fixedfoundname); + RWLOCK(&keytable->rwlock, isc_rwlocktype_read); dns_rbtnodechain_init(&chain); result = dns_rbtnodechain_first(&chain, keytable->table, NULL, NULL); if (result != ISC_R_SUCCESS && result != DNS_R_NEWORIGIN) { - if (result == ISC_R_NOTFOUND) + if (result == ISC_R_NOTFOUND) { result = ISC_R_SUCCESS; + } goto cleanup; } for (;;) { char pbuf[DST_KEY_FORMATSIZE]; - dns_rbtnodechain_current(&chain, NULL, NULL, &node); - for (knode = node->data; knode != NULL; knode = knode->next) { + dns_rbtnodechain_current(&chain, foundname, origin, &node); + + knode = node->data; + if (knode != NULL && knode->dslist != NULL) { + result = dns_name_concatenate(foundname, origin, + fullname, NULL); + if (result != ISC_R_SUCCESS) { + goto cleanup; + } + + result = keynode_dslist_totext(fullname, knode, text); + goto cleanup; + } + + for (; knode != NULL; knode = knode->next) { char obuf[DNS_NAME_FORMATSIZE + 200]; - if (knode->key == NULL) + + if (knode->key == NULL) { continue; + } + dst_key_format(knode->key, pbuf, sizeof(pbuf)); snprintf(obuf, sizeof(obuf), "%s ; %s%s\n", pbuf, knode->initial ? "initializing " : "", knode->managed ? "managed" : "static"); + result = putstr(text, obuf); - if (result != ISC_R_SUCCESS) + if (result != ISC_R_SUCCESS) { break; + } } + result = dns_rbtnodechain_next(&chain, NULL, NULL); if (result != ISC_R_SUCCESS && result != DNS_R_NEWORIGIN) { - if (result == ISC_R_NOMORE) + if (result == ISC_R_NOMORE) { result = ISC_R_SUCCESS; + } break; } } @@ -716,19 +879,22 @@ dns_keytable_forall(dns_keytable_t *keytable, dns_rbtnodechain_init(&chain); result = dns_rbtnodechain_first(&chain, keytable->table, NULL, NULL); if (result != ISC_R_SUCCESS && result != DNS_R_NEWORIGIN) { - if (result == ISC_R_NOTFOUND) + if (result == ISC_R_NOTFOUND) { result = ISC_R_SUCCESS; + } goto cleanup; } isc_refcount_increment0(&keytable->active_nodes); for (;;) { dns_rbtnodechain_current(&chain, NULL, NULL, &node); - if (node->data != NULL) + if (node->data != NULL) { (*func)(keytable, node->data, arg); + } result = dns_rbtnodechain_next(&chain, NULL, NULL); if (result != ISC_R_SUCCESS && result != DNS_R_NEWORIGIN) { - if (result == ISC_R_NOMORE) + if (result == ISC_R_NOMORE) { result = ISC_R_SUCCESS; + } break; } } @@ -747,6 +913,17 @@ dns_keynode_key(dns_keynode_t *keynode) { return (keynode->key); } +dns_rdataset_t * +dns_keynode_dsset(dns_keynode_t *keynode) { + REQUIRE(VALID_KEYNODE(keynode)); + + if (keynode->dslist != NULL) { + return (&keynode->dsset); + } + + return (NULL); +} + bool dns_keynode_managed(dns_keynode_t *keynode) { REQUIRE(VALID_KEYNODE(keynode)); @@ -780,6 +957,8 @@ dns_keynode_create(isc_mem_t *mctx, dns_keynode_t **target) { knode->managed = false; knode->initial = false; knode->key = NULL; + knode->dslist = NULL; + dns_rdataset_init(&knode->dsset); knode->next = NULL; isc_refcount_init(&knode->refcount, 1); @@ -796,17 +975,23 @@ dns_keynode_attach(dns_keynode_t *source, dns_keynode_t **target) { } void -dns_keynode_detach(isc_mem_t *mctx, dns_keynode_t **keynode) { - REQUIRE(keynode != NULL && VALID_KEYNODE(*keynode)); - dns_keynode_t *node = *keynode; - *keynode = NULL; +dns_keynode_detach(isc_mem_t *mctx, dns_keynode_t **keynodep) { + REQUIRE(keynodep != NULL && VALID_KEYNODE(*keynodep)); + dns_keynode_t *knode = *keynodep; + *keynodep = NULL; - if (isc_refcount_decrement(&node->refcount) == 1) { - isc_refcount_destroy(&node->refcount); - if (node->key != NULL) { - dst_key_free(&node->key); + if (isc_refcount_decrement(&knode->refcount) == 1) { + isc_refcount_destroy(&knode->refcount); + if (knode->key != NULL) { + dst_key_free(&knode->key); + } + if (knode->dslist != NULL) { + if (dns_rdataset_isassociated(&knode->dsset)) { + dns_rdataset_disassociate(&knode->dsset); + } + free_dslist(mctx, knode); } - isc_mem_put(mctx, node, sizeof(dns_keynode_t)); + isc_mem_put(mctx, knode, sizeof(dns_keynode_t)); } } diff --git a/lib/dns/tests/keytable_test.c b/lib/dns/tests/keytable_test.c index c6f777f03a8..0ad5323ea77 100644 --- a/lib/dns/tests/keytable_test.c +++ b/lib/dns/tests/keytable_test.c @@ -155,12 +155,14 @@ create_tables() { /* Add a normal key */ create_key(257, 3, 5, "example.com", keystr1, &key); - assert_int_equal(dns_keytable_add(keytable, false, false, &key), + assert_int_equal(dns_keytable_add(keytable, false, false, + dst_key_name(key), &key, NULL), ISC_R_SUCCESS); /* Add an initializing managed key */ create_key(257, 3, 5, "managed.com", keystr1, &key); - assert_int_equal(dns_keytable_add(keytable, true, true, &key), + assert_int_equal(dns_keytable_add(keytable, true, true, + dst_key_name(key), &key, NULL), ISC_R_SUCCESS); /* Add a null key */ @@ -216,7 +218,8 @@ add_test(void **state) { * nextkeynode() should still return NOTFOUND. */ create_key(257, 3, 5, "example.com", keystr1, &key); - assert_int_equal(dns_keytable_add(keytable, false, false, &key), + assert_int_equal(dns_keytable_add(keytable, false, false, + dst_key_name(key), &key, NULL), ISC_R_SUCCESS); assert_int_equal(dns_keytable_nextkeynode(keytable, keynode, &next_keynode), @@ -225,7 +228,8 @@ add_test(void **state) { /* Add another key (different keydata) */ dns_keytable_detachkeynode(keytable, &keynode); create_key(257, 3, 5, "example.com", keystr2, &key); - assert_int_equal(dns_keytable_add(keytable, false, false, &key), + assert_int_equal(dns_keytable_add(keytable, false, false, + dst_key_name(key), &key, NULL), ISC_R_SUCCESS); assert_int_equal(dns_keytable_find(keytable, str2name("example.com"), &keynode), @@ -259,7 +263,8 @@ add_test(void **state) { * ISC_R_NOTFOUND and that the added key is an initializing key. */ create_key(257, 3, 5, "managed.com", keystr2, &key); - assert_int_equal(dns_keytable_add(keytable, true, true, &key), + assert_int_equal(dns_keytable_add(keytable, true, true, + dst_key_name(key), &key, NULL), ISC_R_SUCCESS); assert_int_equal(dns_keytable_find(keytable, str2name("managed.com"), &keynode), @@ -278,7 +283,8 @@ add_test(void **state) { * nodes for managed.com, both containing non-initializing keys. */ create_key(257, 3, 5, "managed.com", keystr2, &key); - assert_int_equal(dns_keytable_add(keytable, true, false, &key), + assert_int_equal(dns_keytable_add(keytable, true, false, + dst_key_name(key), &key, NULL), ISC_R_SUCCESS); assert_int_equal(dns_keytable_find(keytable, str2name("managed.com"), &keynode), @@ -302,7 +308,8 @@ add_test(void **state) { * that the added key is an initializing key. */ create_key(257, 3, 5, "two.com", keystr1, &key); - assert_int_equal(dns_keytable_add(keytable, true, true, &key), + assert_int_equal(dns_keytable_add(keytable, true, true, + dst_key_name(key), &key, NULL), ISC_R_SUCCESS); assert_int_equal(dns_keytable_find(keytable, str2name("two.com"), &keynode), @@ -319,7 +326,8 @@ add_test(void **state) { * ISC_R_NOTFOUND and that the added key is not an initializing key. */ create_key(257, 3, 5, "two.com", keystr2, &key); - assert_int_equal(dns_keytable_add(keytable, true, false, &key), + assert_int_equal(dns_keytable_add(keytable, true, false, + dst_key_name(key), &key, NULL), ISC_R_SUCCESS); assert_int_equal(dns_keytable_find(keytable, str2name("two.com"), &keynode), @@ -337,7 +345,8 @@ add_test(void **state) { * nodes for two.com, both containing non-initializing keys. */ create_key(257, 3, 5, "two.com", keystr1, &key); - assert_int_equal(dns_keytable_add(keytable, true, false, &key), + assert_int_equal(dns_keytable_add(keytable, true, false, + dst_key_name(key), &key, NULL), ISC_R_SUCCESS); assert_int_equal(dns_keytable_find(keytable, str2name("two.com"), &keynode), @@ -363,7 +372,8 @@ add_test(void **state) { &null_keynode), ISC_R_SUCCESS); create_key(257, 3, 5, "null.example", keystr2, &key); - assert_int_equal(dns_keytable_add(keytable, false, false, &key), + assert_int_equal(dns_keytable_add(keytable, false, false, + dst_key_name(key), &key, NULL), ISC_R_SUCCESS); assert_int_equal(dns_keytable_find(keytable, str2name("null.example"), &keynode), @@ -663,7 +673,8 @@ nta_test(void **state) { assert_int_equal(result, ISC_R_SUCCESS); create_key(257, 3, 5, "example", keystr1, &key); - result = dns_keytable_add(keytable, false, false, &key); + result = dns_keytable_add(keytable, false, false, + dst_key_name(key), &key, NULL), assert_int_equal(result, ISC_R_SUCCESS); isc_stdtime_get(&now); diff --git a/lib/dns/win32/libdns.def.in b/lib/dns/win32/libdns.def.in index 0988db5d275..b1a02a0f68f 100644 --- a/lib/dns/win32/libdns.def.in +++ b/lib/dns/win32/libdns.def.in @@ -463,6 +463,7 @@ dns_keynode_attach dns_keynode_create dns_keynode_detach dns_keynode_detachall +dns_keynode_dsset dns_keynode_initial dns_keynode_key dns_keynode_managed diff --git a/lib/dns/zone.c b/lib/dns/zone.c index 41af9487ac3..9e859161047 100644 --- a/lib/dns/zone.c +++ b/lib/dns/zone.c @@ -3985,7 +3985,8 @@ trust_key(dns_zone_t *zone, dns_name_t *keyname, goto failure; CHECK(dns_dnssec_keyfromrdata(keyname, &rdata, mctx, &dstkey)); - CHECK(dns_keytable_add(sr, true, initial, &dstkey)); + CHECK(dns_keytable_add(sr, true, initial, + dst_key_name(dstkey), &dstkey, NULL)); dns_keytable_detach(&sr); failure: