From: Colin Vidal
Date: Mon, 8 Sep 2025 08:46:11 +0000 (+0200)
Subject: apply_configuation: add configure_keystores
X-Git-Tag: v9.21.14~29^2~6
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=de11150e478bae52d69819dabb22a83439a6a958;p=thirdparty%2Fbind9.git

apply_configuation: add configure_keystores

The keystores list build logic was inlined in apply_configuration, this commit extracts it into its own function.
---
diff --git a/bin/named/server.c b/bin/named/server.c
index 35d182158f3..a7602e95faf 100644
--- a/bin/named/server.c
+++ b/bin/named/server.c
@@ -8002,6 +8002,37 @@ configure_views(cfg_obj_t *config, const cfg_obj_t *bindkeys,
 return result;
 }
 
+static isc_result_t
+configure_keystores(const cfg_obj_t *config, dns_keystorelist_t *keystorelist) {
+ isc_result_t result = ISC_R_SUCCESS;
+ const cfg_obj_t *keystores = NULL;
+
+ /*
+ * Create the built-in key store ("key-directory").
+ */
+ result = cfg_keystore_fromconfig(NULL, isc_g_mctx, keystorelist, NULL);
+ if (result != ISC_R_SUCCESS) {
+ return result;
+ }
+
+ /*
+ * Create the DNSSEC key stores.
+ */
+ keystores = NULL;
+ (void)cfg_map_get(config, "key-store", &keystores);
+ CFG_LIST_FOREACH(keystores, element) {
+ cfg_obj_t *kconfig = cfg_listelt_value(element);
+
+ result = cfg_keystore_fromconfig(kconfig, isc_g_mctx,
+ keystorelist, NULL);
+ if (result != ISC_R_SUCCESS) {
+ return result;
+ }
+ }
+
+ return result;
+}
+
 static isc_result_t
 configure_kasplist(const cfg_obj_t *config, dns_kasplist_t *kasplist,
 dns_keystorelist_t *keystorelist) {
@@ -8068,7 +8099,6 @@ apply_configuration(cfg_parser_t *configparser, cfg_obj_t *config,
 const cfg_obj_t *maps[3];
 const cfg_obj_t *obj = NULL;
 const cfg_obj_t *options = NULL;
- const cfg_obj_t *keystores = NULL;
 dns_kasplist_t tmpkasplist, kasplist;
 dns_keystorelist_t tmpkeystorelist, keystorelist;
 dns_viewlist_t viewlist;
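Review bot: configure_keystores has no header comment, so its failure contract is implicit: when cfg_keystore_fromconfig() fails on a later "key-store" entry, the function returns with `keystorelist` already holding the built-in store and any earlier entries, and teardown is left to the caller. I would state that above the definition, e.g. `/* On failure, keystorelist may be partially populated; the caller must clean it up. */`, so a future caller does not leak those entries. Two leftovers from the inlined code could also go: the second `keystores = NULL;` repeats the initializer, and `result` is assigned before it is ever read, so its `= ISC_R_SUCCESS` initializer is dead. The loop variable could be `const cfg_obj_t *kconfig`, provided cfg_keystore_fromconfig() accepts a const object, which is not visible here.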
@@ -8742,29 +8772,11 @@ apply_configuration(cfg_parser_t *configparser, cfg_obj_t *config,
 */
 (void)configure_session_key(maps, server, isc_g_mctx, first_time);
 
- /*
- * Create the built-in key store ("key-directory").
- */
- result = cfg_keystore_fromconfig(NULL, isc_g_mctx, &keystorelist, NULL);
+ result = configure_keystores(config, &keystorelist);
 if (result != ISC_R_SUCCESS) {
 goto cleanup_keystorelist;
 }
 
- /*
- * Create the DNSSEC key stores.
- */
- keystores = NULL;
- (void)cfg_map_get(config, "key-store", &keystores);
- CFG_LIST_FOREACH(keystores, element) {
- cfg_obj_t *kconfig = cfg_listelt_value(element);
-
- result = cfg_keystore_fromconfig(kconfig, isc_g_mctx,
- &keystorelist, NULL);
- if (result != ISC_R_SUCCESS) {
- goto cleanup_keystorelist;
- }
- }
-
 result = configure_kasplist(config, &kasplist, &keystorelist);
 if (result != ISC_R_SUCCESS) {
 goto cleanup_kasplist;
@@ -9150,6 +9162,10 @@ apply_configuration(cfg_parser_t *configparser, cfg_obj_t *config,
 /*
 * Swap the new keystores list with the old one (so the new one will be
 * used and old one will be cleared).
+ *
+ * If this is the initial server setup, store the address
+ * `&server->keystorelist` in the zone manager, so the zones can reach
+ * the list during runtime whenever needed.
 */
 tmpkeystorelist = server->keystorelist;
 server->keystorelist = keystorelist;
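Review bot: The comment paragraph added in the `@@ -9150` hunk says the zone manager keeps the address `&server->keystorelist`, but it does not say what stops zones from reading the list while the two assignments below swap it and the old entries are cleared. Because that pointer is long-lived, the comment should name the guarantee, for instance `* The swap is safe because reconfiguration runs exclusively; no zone uses the list meanwhile.`, if that is indeed the case; the synchronization is not visible in this hunk. The code that stores the address is also outside the hunk, so the comment describes behaviour a reader cannot find next to it, and a pointer to where it happens would help. apply_configuration starts and ends outside the hunk.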