add dns_view_addtrustedkey()
authorEvan Hunt <each@isc.org>
Tue, 31 Jan 2023 21:30:12 +0000 (13:30 -0800)
committerEvan Hunt <each@isc.org>
Tue, 28 Mar 2023 19:38:27 +0000 (12:38 -0700)
The new dns_view_addtrustedkey() function allows a view's trust
anchors to be updated directly. This code was formerly in
dns_client_addtrustedkey(), which is now a wrapper around
dns_view_addtrustedkey().

lib/dns/client.c
lib/dns/include/dns/client.h
lib/dns/include/dns/view.h
lib/dns/view.c

index a32f33645b062dcfb7c54ede52effe7de32502c4..579b9c3aab1acbfe59c138510018fa3c1e613cca 100644 (file)
@@ -1074,45 +1074,8 @@ isc_result_t
 dns_client_addtrustedkey(dns_client_t *client, dns_rdataclass_t rdclass,
                         dns_rdatatype_t rdtype, const dns_name_t *keyname,
                         isc_buffer_t *databuf) {
-       isc_result_t result;
-       dns_keytable_t *secroots = NULL;
-       dns_name_t *name = NULL;
-       char rdatabuf[DST_KEY_MAXSIZE];
-       unsigned char digest[ISC_MAX_MD_SIZE];
-       dns_rdata_ds_t ds;
-       dns_rdata_t rdata;
-       isc_buffer_t b;
-
        REQUIRE(DNS_CLIENT_VALID(client));
        REQUIRE(rdclass == dns_rdataclass_in);
 
-       CHECK(dns_view_getsecroots(client->view, &secroots));
-
-       DE_CONST(keyname, name);
-
-       if (rdtype != dns_rdatatype_dnskey && rdtype != dns_rdatatype_ds) {
-               result = ISC_R_NOTIMPLEMENTED;
-               goto cleanup;
-       }
-
-       isc_buffer_init(&b, rdatabuf, sizeof(rdatabuf));
-       dns_rdata_init(&rdata);
-       isc_buffer_setactive(databuf, isc_buffer_usedlength(databuf));
-       CHECK(dns_rdata_fromwire(&rdata, rdclass, rdtype, databuf,
-                                DNS_DECOMPRESS_NEVER, &b));
-
-       if (rdtype == dns_rdatatype_ds) {
-               CHECK(dns_rdata_tostruct(&rdata, &ds, NULL));
-       } else {
-               CHECK(dns_ds_fromkeyrdata(name, &rdata, DNS_DSDIGEST_SHA256,
-                                         digest, &ds));
-       }
-
-       CHECK(dns_keytable_add(secroots, false, false, name, &ds, NULL, NULL));
-
-cleanup:
-       if (secroots != NULL) {
-               dns_keytable_detach(&secroots);
-       }
-       return (result);
+       return (dns_view_addtrustedkey(client->view, rdtype, keyname, databuf));
 }
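Review bot: The wrapper now leans on an unstated invariant that `client->view` is a class-IN view: the surviving `REQUIRE(rdclass == dns_rdataclass_in)` checks the caller's argument, but the class actually used to parse the RR is `view->rdclass` inside dns_view_addtrustedkey(), so the two agree only if the client's view was created for `rdclass`, as the header comment demands. Unless `DNS_CLIENT_VALID()` already covers it, a one-line check makes that explicit: `REQUIRE(client->view != NULL && client->view->rdclass == rdclass);`. The old error return from `dns_view_getsecroots()` for a view without an initialised key table no longer happens in this function, so callers relying on that failure code should verify the replacement behaves the same.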
index 166822433ba01616d442653139cda7f00916fa4f..543a5ffb5d03d66802cbcff07b723855c8310e33 100644 (file)
@@ -279,10 +279,11 @@ dns_client_addtrustedkey(dns_client_t *client, dns_rdataclass_t rdclass,
                         dns_rdatatype_t rdtype, const dns_name_t *keyname,
                         isc_buffer_t *keydatabuf);
 /*%<
- * Add a DNSSEC trusted key for the 'rdclass' class.  A view for the 'rdclass'
- * class must be created beforehand.  'rdtype' is the type of the RR data
- * for the key, either DNSKEY or DS.  'keyname' is the DNS name of the key,
- * and 'keydatabuf' stores the RR data.
+ * Add a DNSSEC trusted key for the 'rdclass' class (only class 'IN' is
+ * currently supported).  A view for the 'rdclass' class must be created
+ * beforehand.  'rdtype' is the type of the RR data for the key, either
+ * DNSKEY or DS.  'keyname' is the DNS name of the key, and 'keydatabuf'
+ * stores the RR data.
  *
  * Requires:
  *
index 0a697fc8c01b91de3cd5da495423197418e08570..71f75410195272c4d3bc076ef79ce279f151edce 100644 (file)
@@ -1262,4 +1262,29 @@ dns_view_getdispatchmgr(dns_view_t *view);
  * by the resolver and request managers to send and receive DNS
  * messages.
  */
+
+isc_result_t
+dns_view_addtrustedkey(dns_view_t *view, dns_rdatatype_t rdtype,
+                      const dns_name_t *keyname, isc_buffer_t *databuf);
+/*%<
+ * Add a DNSSEC trusted key to a view of class 'IN'.  'rdtype' is the type
+ * of the RR data for the key, either DNSKEY or DS.  'keyname' is the DNS
+ * name of the key, and 'databuf' stores the RR data.
+
+ * Requires:
+ *
+ *\li  'view' is a valid view.
+
+ *\li  'view' is class 'IN'.
+ *
+ *\li  'keyname' is a valid name.
+ *
+ *\li  'keydatabuf' is a valid buffer.
+ *
+ * Returns:
+ *
+ *\li  #ISC_R_SUCCESS                          On success.
+ *
+ *\li  Anything else                           Failure.
+ */
 ISC_LANG_ENDDECLS
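Review bot: The Requires list names `'keydatabuf'` while the prototype's parameter is `databuf`, and the comment block drops the ` *` continuation on the blank line before `Requires:` and on the one after the first requirement, unlike the surrounding Doxygen blocks; change the requirement to `'databuf' is a valid buffer.` and restore the ` *` lines. The Returns section could also list `#ISC_R_NOTIMPLEMENTED` for an `rdtype` other than DNSKEY or DS, which is what the implementation in this commit returns for that case. A one-line note that the call resets `databuf`'s active region to its used region, and that a DNSKEY is stored in the key table as a SHA-256 DS rather than as the key itself, would tell callers that the buffer is modified and how the anchor is represented.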
index 551b1ebd4c763eda1dfe837dc576b13550acb135..686075b30956fb235b2049099c2971d8934578c3 100644 (file)
@@ -26,6 +26,7 @@
 #include <isc/file.h>
 #include <isc/hash.h>
 #include <isc/lex.h>
+#include <isc/md.h>
 #include <isc/result.h>
 #include <isc/stats.h>
 #include <isc/string.h>
@@ -2323,3 +2324,44 @@ dns_view_getdispatchmgr(dns_view_t *view) {
        REQUIRE(DNS_VIEW_VALID(view));
        return (view->dispatchmgr);
 }
+
+isc_result_t
+dns_view_addtrustedkey(dns_view_t *view, dns_rdatatype_t rdtype,
+                      const dns_name_t *keyname, isc_buffer_t *databuf) {
+       isc_result_t result;
+       dns_name_t *name = NULL;
+       char rdatabuf[DST_KEY_MAXSIZE];
+       unsigned char digest[ISC_MAX_MD_SIZE];
+       dns_rdata_ds_t ds;
+       dns_rdata_t rdata;
+       isc_buffer_t b;
+
+       REQUIRE(DNS_VIEW_VALID(view));
+       REQUIRE(view->rdclass == dns_rdataclass_in);
+
+       DE_CONST(keyname, name);
+
+       if (rdtype != dns_rdatatype_dnskey && rdtype != dns_rdatatype_ds) {
+               result = ISC_R_NOTIMPLEMENTED;
+               goto cleanup;
+       }
+
+       isc_buffer_init(&b, rdatabuf, sizeof(rdatabuf));
+       dns_rdata_init(&rdata);
+       isc_buffer_setactive(databuf, isc_buffer_usedlength(databuf));
+       CHECK(dns_rdata_fromwire(&rdata, view->rdclass, rdtype, databuf,
+                                DNS_DECOMPRESS_NEVER, &b));
+
+       if (rdtype == dns_rdatatype_ds) {
+               CHECK(dns_rdata_tostruct(&rdata, &ds, NULL));
+       } else {
+               CHECK(dns_ds_fromkeyrdata(name, &rdata, DNS_DSDIGEST_SHA256,
+                                         digest, &ds));
+       }
+
+       CHECK(dns_keytable_add(view->secroots_priv, false, false, name, &ds,
+                              NULL, NULL));
+
+cleanup:
+       return (result);
+}