From: Michał Kępień
Date: Tue, 13 Mar 2018 13:06:09 +0000 (+0100)
Subject: Move update_sigs() to lib/dns/zone_p.h
X-Git-Tag: v9.13.0~28^2~4
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b1947cee8210844b917320453cb308fbe168d320;p=thirdparty%2Fbind9.git
Move update_sigs() to lib/dns/zone_p.h
Rename update_sigs() to dns__zone_updatesigs() and move it to lib/dns/zone_p.h, so that it can be unit tested. Add a comment describing the purpose of this function.
---
diff --git a/lib/dns/win32/libdns.def.in b/lib/dns/win32/libdns.def.in
index ebebd170cde..6e6086ba6bc 100644
--- a/lib/dns/win32/libdns.def.in
+++ b/lib/dns/win32/libdns.def.in
@@ -8,6 +8,7 @@ dns__rbt_checkproperties
 dns__rbt_getheight
 dns__rbtnode_getdistance
 dns__zone_loadpending
+dns__zone_updatesigs
 dns_acl_allowed
 dns_acl_any
diff --git a/lib/dns/zone.c b/lib/dns/zone.c
index fd716e12f8d..9c9fc5bef8a 100644
--- a/lib/dns/zone.c
+++ b/lib/dns/zone.c
@@ -7282,13 +7282,18 @@ need_nsec_chain(dns_db_t *db, dns_dbversion_t *ver,
 return (result);
 }
-static isc_result_t
-update_sigs(dns_diff_t *diff, dns_db_t *db, dns_dbversion_t *version,
- dst_key_t *zone_keys[], unsigned int nkeys, dns_zone_t *zone,
- isc_stdtime_t inception, isc_stdtime_t expire,
- isc_stdtime_t keyexpire, isc_stdtime_t now,
- isc_boolean_t check_ksk, isc_boolean_t keyset_kskonly,
- dns__zonediff_t *zonediff)
+/*%
+ * Add/remove DNSSEC signatures for the list of "raw" zone changes supplied in
+ * 'diff'. Gradually remove tuples from 'diff' and append them to 'zonediff'
+ * along with tuples representing relevant signature changes.
+ */
+isc_result_t
+dns__zone_updatesigs(dns_diff_t *diff, dns_db_t *db, dns_dbversion_t *version,
+ dst_key_t *zone_keys[], unsigned int nkeys,
+ dns_zone_t *zone, isc_stdtime_t inception,
+ isc_stdtime_t expire, isc_stdtime_t keyexpire,
+ isc_stdtime_t now, isc_boolean_t check_ksk,
+ isc_boolean_t keyset_kskonly, dns__zonediff_t *zonediff)
 {
 dns_difftuple_t *tuple;
 isc_result_t result;
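Review bot: The new `/*%` comment on `dns__zone_updatesigs()` covers the normal flow but says nothing about the return value or the state of its arguments on failure, which matters now that the function is no longer `static` and is intended to be driven from unit tests. The following hunks show it returning immediately when `del_sigs` or `add_sigs` fails, so as far as the visible lines show, 'diff' and 'zonediff' can be left partly processed at that point. I would extend the comment with something like `* Returns ISC_R_SUCCESS, or the error from del_sigs()/add_sigs(); on error 'diff' and 'zonediff' may be left partially processed.` The function body continues outside this hunk, so it is also worth confirming there that the pointer arguments are checked before use, since callers are no longer confined to zone.c.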
@@ -7311,7 +7316,7 @@ update_sigs(dns_diff_t *diff, dns_db_t *db, dns_dbversion_t *version,
 zone_keys, nkeys, now, ISC_FALSE);
 if (result != ISC_R_SUCCESS) {
 dns_zone_log(zone, ISC_LOG_ERROR,
- "update_sigs:del_sigs -> %s",
+ "dns__zone_updatesigs:del_sigs -> %s",
 dns_result_totext(result));
 return (result);
 }
@@ -7321,7 +7326,7 @@ update_sigs(dns_diff_t *diff, dns_db_t *db, dns_dbversion_t *version,
 exp, check_ksk, keyset_kskonly);
 if (result != ISC_R_SUCCESS) {
 dns_zone_log(zone, ISC_LOG_ERROR,
- "update_sigs:add_sigs -> %s",
+ "dns__zone_updatesigs:add_sigs -> %s",
 dns_result_totext(result));
 return (result);
 }
@@ -7486,7 +7491,7 @@ zone_nsec3chain(dns_zone_t *zone) {
 *
 * Note that the "signatures" variable is only used here to limit the
 * amount of work performed. Actual DNSSEC signatures are only
- generated by update_sigs() calls later in this function.
+ generated by dns__zone_updatesigs() calls later in this function.
 */
 while (nsec3chain != NULL && nodes-- > 0 && signatures > 0) {
 LOCK_ZONE(zone);
@@ -7970,12 +7975,13 @@ zone_nsec3chain(dns_zone_t *zone) {
 */
 if (nsec3chain != NULL)
 dns_dbiterator_pause(nsec3chain->dbiterator);
- result = update_sigs(&nsec3_diff, db, version, zone_keys,
- nkeys, zone, inception, expire, 0, now,
- check_ksk, keyset_kskonly, &zonediff);
+ result = dns__zone_updatesigs(&nsec3_diff, db, version, zone_keys,
+ nkeys, zone, inception, expire, 0, now,
+ check_ksk, keyset_kskonly, &zonediff);
 if (result != ISC_R_SUCCESS) {
 dns_zone_log(zone, ISC_LOG_ERROR, "zone_nsec3chain:"
- "update_sigs -> %s", dns_result_totext(result));
+ "dns__zone_updatesigs -> %s",
+ dns_result_totext(result));
 goto failure;
 }
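Review bot: The rename changes operator-visible log text as well as the C symbol: in the first two hunks here the ISC_LOG_ERROR messages go from `update_sigs:del_sigs -> %s` and `update_sigs:add_sigs -> %s` to the `dns__zone_updatesigs:` form. The zone_nsec3chain, zone_sign and sign_apex hunks make the same change. Log monitoring that alerts on DNSSEC signing failures by matching the old `update_sigs` text will no longer match, because the new name has no underscore before `sigs`. I would call this out in the release notes so that operators can update their patterns. These hunks show only fragments of the enclosing functions, so other log lines outside them may still use the old name.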
@@ -7983,12 +7989,13 @@ zone_nsec3chain(dns_zone_t *zone) {
 * We have changed the NSEC3PARAM or private RRsets
 * above so we need to update the signatures.
 */
- result = update_sigs(¶m_diff, db, version, zone_keys,
- nkeys, zone, inception, expire, 0, now,
- check_ksk, keyset_kskonly, &zonediff);
+ result = dns__zone_updatesigs(¶m_diff, db, version, zone_keys,
+ nkeys, zone, inception, expire, 0, now,
+ check_ksk, keyset_kskonly, &zonediff);
 if (result != ISC_R_SUCCESS) {
 dns_zone_log(zone, ISC_LOG_ERROR, "zone_nsec3chain:"
- "update_sigs -> %s", dns_result_totext(result));
+ "dns__zone_updatesigs -> %s",
+ dns_result_totext(result));
 goto failure;
 }
@@ -8003,12 +8010,13 @@ zone_nsec3chain(dns_zone_t *zone) {
 }
 }
- result = update_sigs(&nsec_diff, db, version, zone_keys,
- nkeys, zone, inception, expire, 0, now,
- check_ksk, keyset_kskonly, &zonediff);
+ result = dns__zone_updatesigs(&nsec_diff, db, version, zone_keys,
+ nkeys, zone, inception, expire, 0, now,
+ check_ksk, keyset_kskonly, &zonediff);
 if (result != ISC_R_SUCCESS) {
 dns_zone_log(zone, ISC_LOG_ERROR, "zone_nsec3chain:"
- "update_sigs -> %s", dns_result_totext(result));
+ "dns__zone_updatesigs -> %s",
+ dns_result_totext(result));
 goto failure;
 }
@@ -8586,12 +8594,14 @@ zone_sign(dns_zone_t *zone) {
 }
 if (ISC_LIST_HEAD(post_diff.tuples) != NULL) {
- result = update_sigs(&post_diff, db, version, zone_keys,
- nkeys, zone, inception, expire, 0, now,
- check_ksk, keyset_kskonly, &zonediff);
+ result = dns__zone_updatesigs(&post_diff, db, version,
+ zone_keys, nkeys, zone,
+ inception, expire, 0, now,
+ check_ksk, keyset_kskonly,
+ &zonediff);
 if (result != ISC_R_SUCCESS) {
 dns_zone_log(zone, ISC_LOG_ERROR, "zone_sign:"
- "update_sigs -> %s",
+ "dns__zone_updatesigs -> %s",
 dns_result_totext(result));
 goto failure;
 }
@@ -17542,9 +17552,8 @@ sign_apex(dns_zone_t *zone, dns_db_t *db, dns_dbversion_t *ver,
 keyset_kskonly = DNS_ZONE_OPTION(zone, DNS_ZONEOPT_DNSKEYKSKONLY);
 /*
- * See if update_sigs will update DNSKEY signature and if not
- * cause them to sign so that so that newly activated keys
- * are used.
+ * See if dns__zone_updatesigs() will update DNSKEY signature and if
+ * not cause them to sign so that newly activated keys are used.
 */
 for (tuple = ISC_LIST_HEAD(diff->tuples);
 tuple != NULL;
@@ -17576,13 +17585,13 @@ sign_apex(dns_zone_t *zone, dns_db_t *db, dns_dbversion_t *ver,
 }
 }
- result = update_sigs(diff, db, ver, zone_keys, nkeys, zone,
- inception, soaexpire, keyexpire, now,
- check_ksk, keyset_kskonly, zonediff);
+ result = dns__zone_updatesigs(diff, db, ver, zone_keys, nkeys, zone,
+ inception, soaexpire, keyexpire, now,
+ check_ksk, keyset_kskonly, zonediff);
 if (result != ISC_R_SUCCESS) {
 dns_zone_log(zone, ISC_LOG_ERROR,
- "sign_apex:update_sigs -> %s",
+ "sign_apex:dns__zone_updatesigs -> %s",
 dns_result_totext(result));
 goto failure;
 }
diff --git a/lib/dns/zone_p.h b/lib/dns/zone_p.h
index 3ef05e023ce..bcb6e7edc67 100644
--- a/lib/dns/zone_p.h
+++ b/lib/dns/zone_p.h
@@ -26,6 +26,14 @@ typedef struct {
 isc_boolean_t offline;
 } dns__zonediff_t;
+isc_result_t
+dns__zone_updatesigs(dns_diff_t *diff, dns_db_t *db, dns_dbversion_t *version,
+ dst_key_t *zone_keys[], unsigned int nkeys,
+ dns_zone_t *zone, isc_stdtime_t inception,
+ isc_stdtime_t expire, isc_stdtime_t keyxpire,
+ isc_stdtime_t now, isc_boolean_t check_ksk,
+ isc_boolean_t keyset_kskonly, dns__zonediff_t *zonediff);
+
 ISC_LANG_ENDDECLS
 #endif /* DNS_ZONE_P_H */
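Review bot: The prototype added to zone_p.h spells the ninth parameter `keyxpire`, while the definition in zone.c names it `keyexpire`. The compiler accepts the mismatch, but the header is what a test author reads, so the line should be `isc_stdtime_t expire, isc_stdtime_t keyexpire,`. The descriptive `/*%` comment was also attached only to the definition in zone.c, so this declaration carries no description of what happens to 'diff' and 'zonediff'. Repeating or moving that comment here would fit the commit's stated aim of making the function unit-testable.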