const char *algorithm;
result = dns_db_findnode(db, &zone->origin, false, &node);
- if (result != ISC_R_SUCCESS)
+ if (result != ISC_R_SUCCESS) {
goto cleanup;
+ }
dns_db_currentversion(db, &version);
dns_rdataset_init(&rdataset);
result = dns_db_findrdataset(db, node, version, dns_rdatatype_dnskey,
dns_rdatatype_none, 0, &rdataset, NULL);
- if (result != ISC_R_SUCCESS)
+ if (result != ISC_R_SUCCESS) {
goto cleanup;
+ }
for (result = dns_rdataset_first(&rdataset);
result == ISC_R_SUCCESS;
dns_rdataset_disassociate(&rdataset);
cleanup:
- if (node != NULL)
+ if (node != NULL) {
dns_db_detachnode(db, &node);
- if (version != NULL)
+ }
+ if (version != NULL) {
dns_db_closeversion(db, &version, false);
+ }
}
static void
dns_db_t *db = NULL;
ZONEDB_LOCK(&zone->dblock, isc_rwlocktype_read);
- if (zone->db != NULL)
+ if (zone->db != NULL) {
dns_db_attach(zone->db, &db);
+ }
ZONEDB_UNLOCK(&zone->dblock, isc_rwlocktype_read);
- if (db == NULL)
+ if (db == NULL) {
goto cleanup;
+ }
result = dns_db_findnode(db, &zone->origin, false, &node);
- if (result != ISC_R_SUCCESS)
+ if (result != ISC_R_SUCCESS) {
goto cleanup;
+ }
dns_db_currentversion(db, &version);
dns_rdataset_init(&rdataset);
{
dns_rdataset_current(&rdataset, &rdata);
if (rdata.length != 5 ||
- rdata.data[0] == 0 || rdata.data[4] != 0) {
+ rdata.data[0] == 0 || rdata.data[4] != 0)
+ {
dns_rdata_reset(&rdata);
continue;
}
cleanup:
if (db != NULL) {
- if (node != NULL)
+ if (node != NULL) {
dns_db_detachnode(db, &node);
- if (version != NULL)
+ }
+ if (version != NULL) {
dns_db_closeversion(db, &version, false);
+ }
dns_db_detach(&db);
}
}
dns_db_t *db = NULL;
ZONEDB_LOCK(&zone->dblock, isc_rwlocktype_read);
- if (zone->db != NULL)
+ if (zone->db != NULL) {
dns_db_attach(zone->db, &db);
+ }
ZONEDB_UNLOCK(&zone->dblock, isc_rwlocktype_read);
if (db == NULL) {
/*
* Log NSEC3 parameters defined by supplied NSEC3PARAM RDATA.
*/
- if (nsec3param->flags == 0)
+ if (nsec3param->flags == 0) {
strlcpy(flags, "NONE", sizeof(flags));
- else {
+ } else {
flags[0] = '\0';
if ((nsec3param->flags & DNS_NSEC3FLAG_REMOVE) != 0) {
strlcat(flags, "REMOVE", sizeof(flags));
}
if ((nsec3param->flags & DNS_NSEC3FLAG_INITIAL) != 0) {
- if (flags[0] == '\0')
+ if (flags[0] == '\0') {
strlcpy(flags, "INITIAL", sizeof(flags));
- else
+ } else {
strlcat(flags, "|INITIAL", sizeof(flags));
+ }
}
if ((nsec3param->flags & DNS_NSEC3FLAG_CREATE) != 0) {
- if (flags[0] == '\0')
+ if (flags[0] == '\0') {
strlcpy(flags, "CREATE", sizeof(flags));
- else
+ } else {
strlcat(flags, "|CREATE", sizeof(flags));
+ }
}
if ((nsec3param->flags & DNS_NSEC3FLAG_NONSEC) != 0) {
- if (flags[0] == '\0')
+ if (flags[0] == '\0') {
strlcpy(flags, "NONSEC", sizeof(flags));
- else
+ } else {
strlcat(flags, "|NONSEC", sizeof(flags));
+ }
}
if ((nsec3param->flags & DNS_NSEC3FLAG_OPTOUT) != 0) {
- if (flags[0] == '\0')
+ if (flags[0] == '\0') {
strlcpy(flags, "OPTOUT", sizeof(flags));
- else
+ } else {
strlcat(flags, "|OPTOUT", sizeof(flags));
+ }
}
}
result = dns_nsec3param_salttotext(nsec3param, saltbuf,
*/
for (current = ISC_LIST_HEAD(zone->nsec3chain);
current != NULL;
- current = ISC_LIST_NEXT(current, link)) {
- if (current->db == db &&
- current->nsec3param.hash == nsec3param->hash &&
- current->nsec3param.iterations == nsec3param->iterations &&
- current->nsec3param.salt_length == nsec3param->salt_length
- && !memcmp(current->nsec3param.salt, nsec3param->salt,
- nsec3param->salt_length))
+ current = ISC_LIST_NEXT(current, link))
+ {
+ if ((current->db == db) &&
+ (current->nsec3param.hash == nsec3param->hash) &&
+ (current->nsec3param.iterations ==
+ nsec3param->iterations) &&
+ (current->nsec3param.salt_length ==
+ nsec3param->salt_length) &&
+ memcmp(current->nsec3param.salt, nsec3param->salt,
+ nsec3param->salt_length) == 0)
+ {
current->done = true;
+ }
}
/*
* creating NSEC3 records for NSEC3 records.
*/
dns_db_attach(db, &nsec3chain->db);
- if ((nsec3chain->nsec3param.flags & DNS_NSEC3FLAG_CREATE) != 0)
+ if ((nsec3chain->nsec3param.flags & DNS_NSEC3FLAG_CREATE) != 0) {
options = DNS_DB_NONSEC3;
+ }
result = dns_db_createiterator(nsec3chain->db, options,
&nsec3chain->dbiterator);
- if (result == ISC_R_SUCCESS)
+ if (result == ISC_R_SUCCESS) {
result = dns_dbiterator_first(nsec3chain->dbiterator);
+ }
if (result == ISC_R_SUCCESS) {
/*
* Database iterator initialization succeeded. We are now
if (isc_time_isepoch(&zone->nsec3chaintime)) {
TIME_NOW(&now);
zone->nsec3chaintime = now;
- if (zone->task != NULL)
+ if (zone->task != NULL) {
zone_settimer(zone, &now);
+ }
}
}
if (nsec3chain != NULL) {
- if (nsec3chain->db != NULL)
+ if (nsec3chain->db != NULL) {
dns_db_detach(&nsec3chain->db);
- if (nsec3chain->dbiterator != NULL)
+ }
+ if (nsec3chain->dbiterator != NULL) {
dns_dbiterator_destroy(&nsec3chain->dbiterator);
+ }
isc_mem_put(zone->mctx, nsec3chain, sizeof *nsec3chain);
}
cleanup:
- if (db != NULL)
+ if (db != NULL) {
dns_db_detach(&db);
+ }
return (result);
}
return;
ZONEDB_LOCK(&zone->dblock, isc_rwlocktype_read);
- if (zone->db != NULL)
+ if (zone->db != NULL) {
dns_db_attach(zone->db, &db);
+ }
ZONEDB_UNLOCK(&zone->dblock, isc_rwlocktype_read);
- if (db == NULL)
+ if (db == NULL) {
goto cleanup;
+ }
result = dns_db_findnode(db, &zone->origin, false, &node);
- if (result != ISC_R_SUCCESS)
+ if (result != ISC_R_SUCCESS) {
goto cleanup;
+ }
dns_db_currentversion(db, &version);
*/
if (!dns_nsec3param_fromprivate(&private, &rdata, buf,
sizeof(buf)))
+ {
continue;
+ }
result = dns_rdata_tostruct(&rdata, &nsec3param, NULL);
RUNTIME_CHECK(result == ISC_R_SUCCESS);
if (((nsec3param.flags & DNS_NSEC3FLAG_REMOVE) != 0) ||
}
}
dns_rdataset_disassociate(&rdataset);
+
cleanup:
if (db != NULL) {
- if (node != NULL)
+ if (node != NULL) {
dns_db_detachnode(db, &node);
- if (version != NULL)
+ }
+ if (version != NULL) {
dns_db_closeversion(db, &version, false);
+ }
dns_db_detach(&db);
}
}
bool ok = false;
isc_result_t result;
dns_rdata_t rdata = DNS_RDATA_INIT;
- bool dynamic = (zone->type == dns_zone_master) ?
- dns_zone_isdynamic(zone, false) : false;
+ bool dynamic = (zone->type == dns_zone_master)
+ ? dns_zone_isdynamic(zone, false) : false;
dns_rdataset_init(&rdataset);
result = dns_db_findnode(db, &zone->origin, false, &node);
dns_zone_log(zone, ISC_LOG_WARNING,
"unsupported nsec3 hash algorithm: %u",
nsec3param.hash);
- } else
+ } else {
ok = true;
+ }
}
- if (result == ISC_R_NOMORE)
+ if (result == ISC_R_NOMORE) {
result = ISC_R_SUCCESS;
+ }
if (!ok) {
result = DNS_R_BADZONE;
}
cleanup:
- if (dns_rdataset_isassociated(&rdataset))
+ if (dns_rdataset_isassociated(&rdataset)) {
dns_rdataset_disassociate(&rdataset);
+ }
dns_db_closeversion(db, &version, false);
dns_db_detachnode(db, &node);
return (result);
/* Now insert all the accepted trust anchors from this keydata set. */
for (result = dns_rdataset_first(rdataset);
result == ISC_R_SUCCESS;
- result = dns_rdataset_next(rdataset)) {
+ result = dns_rdataset_next(rdataset))
+ {
dns_rdata_reset(&rdata);
dns_rdataset_current(rdataset, &rdata);
/* Convert rdata to keydata. */
result = dns_rdata_tostruct(&rdata, &keydata, NULL);
- if (result == ISC_R_UNEXPECTEDEND)
+ if (result == ISC_R_UNEXPECTEDEND) {
continue;
+ }
RUNTIME_CHECK(result == ISC_R_SUCCESS);
/* Set the key refresh timer to force a fast refresh. */
/* Add to keytables. */
trusted++;
- trust_key(zone, name, &dnskey,
- (keydata.addhd == 0), mctx);
+ trust_key(zone, name, &dnskey, (keydata.addhd == 0), mctx);
}
if (trusted == 0 && pending != 0) {
dns_rriterator_init(&rrit, db, ver, 0);
for (result = dns_rriterator_first(&rrit);
result == ISC_R_SUCCESS;
- result = dns_rriterator_nextrrset(&rrit)) {
+ result = dns_rriterator_nextrrset(&rrit))
+ {
dns_rdataset_t *rdataset = NULL;
dns_name_t *rrname = NULL;
uint32_t ttl;
goto failure;
}
- if (rdataset->type != dns_rdatatype_keydata)
+ if (rdataset->type != dns_rdatatype_keydata) {
continue;
+ }
result = dns_keytable_find(sr, rrname, &keynode);
if ((result != ISC_R_SUCCESS &&
load_secroots(zone, rrname, rdataset);
}
- if (keynode != NULL)
+ if (keynode != NULL) {
dns_keytable_detachkeynode(sr, &keynode);
+ }
}
dns_rriterator_destroy(&rrit);
failure:
if (result != ISC_R_SUCCESS &&
- !DNS_ZONE_FLAG(zone, DNS_ZONEFLG_LOADED)) {
+ !DNS_ZONE_FLAG(zone, DNS_ZONEFLG_LOADED))
+ {
dns_zone_log(zone, ISC_LOG_ERROR,
"unable to synchronize managed keys: %s",
dns_result_totext(result));
isc_time_settoepoch(&zone->refreshkeytime);
}
- if (keynode != NULL)
+ if (keynode != NULL) {
dns_keytable_detachkeynode(sr, &keynode);
- if (sr != NULL)
+ }
+ if (sr != NULL) {
dns_keytable_detach(&sr);
- if (ver != NULL)
+ }
+ if (ver != NULL) {
dns_db_closeversion(db, &ver, commit);
+ }
dns_diff_clear(&diff);
INSIST(ver == NULL);
isc_result_t result;
dns_db_t *db = NULL;
- if (zone->type != dns_zone_key)
+ if (zone->type != dns_zone_key) {
return (DNS_R_BADZONE);
+ }
CHECK(dns_zone_getdb(zone, &db));
UNLOCK_ZONE(zone);
failure:
- if (db != NULL)
+ if (db != NULL) {
dns_db_detach(&db);
+ }
return (result);
}
unsigned int soacount;
result = zone_get_from_db(zone->raw, zone->raw->db,
- NULL, &soacount, &serial, NULL,
- NULL, NULL, NULL, NULL);
+ NULL, &soacount, &serial,
+ NULL, NULL, NULL, NULL, NULL);
if (result == ISC_R_SUCCESS && soacount > 0U)
zone_send_secureserial(zone->raw, serial);
} else
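Review bot: The `if (result == ISC_R_SUCCESS && soacount > 0U)` statement and the `} else` after it are still unbraced here, although the rest of this commit braces every single-statement body. The same was missed at `if (result != ISC_R_SUCCESS) goto cleanup;` after `check_nsec3param(zone, db)`, and at `if (!dns_name_issubdomain(nextname, name)) break;` in the first NSEC3 node loop, while the two later copies of that test were braced. Suggest `if (result == ISC_R_SUCCESS && soacount > 0U) {` with a closing `}` and `} else {` here, and the same at the other two sites, so a later one-line addition cannot land outside the condition. The enclosing function and the `else` body lie outside this hunk.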
dns_include_t *inc;
INSIST(LOCKED_ZONE(zone));
- if (inline_raw(zone))
+ if (inline_raw(zone)) {
INSIST(LOCKED_ZONE(zone->secure));
+ }
TIME_NOW(&now);
zone->type == dns_zone_mirror ||
zone->type == dns_zone_stub ||
(zone->type == dns_zone_redirect &&
- zone->masters == NULL)) {
- if (result == ISC_R_FILENOTFOUND)
+ zone->masters == NULL))
+ {
+ if (result == ISC_R_FILENOTFOUND) {
dns_zone_logc(zone, DNS_LOGCATEGORY_ZONELOAD,
ISC_LOG_DEBUG(1),
"no master file");
- else if (result != DNS_R_NOMASTERFILE)
+ } else if (result != DNS_R_NOMASTERFILE) {
dns_zone_logc(zone, DNS_LOGCATEGORY_ZONELOAD,
ISC_LOG_ERROR,
"loading from master file %s "
"failed: %s",
zone->masterfile,
dns_result_totext(result));
+ }
} else if (zone->type == dns_zone_master &&
inline_secure(zone) && result == ISC_R_FILENOTFOUND)
{
nomaster = true;
}
- if (zone->type != dns_zone_key)
+ if (zone->type != dns_zone_key) {
goto cleanup;
+ }
}
dns_zone_logc(zone, DNS_LOGCATEGORY_ZONELOAD, ISC_LOG_DEBUG(2),
"number of nodes in database: %u",
dns_db_nodecount(db));
- if (result == DNS_R_SEENINCLUDE)
+ if (result == DNS_R_SEENINCLUDE) {
DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_HASINCLUDE);
- else
+ } else {
DNS_ZONE_CLRFLAG(zone, DNS_ZONEFLG_HASINCLUDE);
+ }
/*
* If there's no master file for a key zone, then the zone is new:
*/
if (nomaster && zone->type == dns_zone_key) {
result = add_soa(zone, db);
- if (result != ISC_R_SUCCESS)
+ if (result != ISC_R_SUCCESS) {
goto cleanup;
+ }
}
/*
"journal rollforward completed "
"successfully: %s",
dns_result_totext(result));
- if (result == ISC_R_SUCCESS)
+ if (result == ISC_R_SUCCESS) {
needdump = true;
+ }
}
/*
* updates otherwise.
*/
if (zone->journal != NULL && dns_zone_isdynamic(zone, true) &&
- ! DNS_ZONE_OPTION(zone, DNS_ZONEOPT_IXFRFROMDIFFS)) {
+ ! DNS_ZONE_OPTION(zone, DNS_ZONEOPT_IXFRFROMDIFFS))
+ {
uint32_t jserial;
dns_journal_t *journal = NULL;
bool empty = false;
}
if (jserial != serial) {
- if (!empty)
+ if (!empty) {
dns_zone_logc(zone, DNS_LOGCATEGORY_ZONELOAD,
ISC_LOG_INFO,
"journal file is out of date: "
"removing journal file");
+ }
if (remove(zone->journal) < 0 && errno != ENOENT) {
char strbuf[ISC_STRERRORSIZE];
strerror_r(errno, strbuf, sizeof(strbuf));
"has no NS records");
result = DNS_R_BADZONE;
}
- if (result != ISC_R_SUCCESS)
+ if (result != ISC_R_SUCCESS) {
goto cleanup;
+ }
if (zone->type == dns_zone_master && errors != 0) {
result = DNS_R_BADZONE;
goto cleanup;
}
if (zone->type != dns_zone_stub &&
- zone->type != dns_zone_redirect) {
+ zone->type != dns_zone_redirect)
+ {
result = check_nsec3param(zone, db);
if (result != ISC_R_SUCCESS)
goto cleanup;
}
if (zone->type == dns_zone_master &&
DNS_ZONE_OPTION(zone, DNS_ZONEOPT_CHECKINTEGRITY) &&
- !integrity_checks(zone, db)) {
+ !integrity_checks(zone, db))
+ {
result = DNS_R_BADZONE;
goto cleanup;
}
if (zone->type == dns_zone_master &&
DNS_ZONE_OPTION(zone, DNS_ZONEOPT_CHECKDUPRR) &&
- !zone_check_dup(zone, db)) {
+ !zone_check_dup(zone, db))
+ {
result = DNS_R_BADZONE;
goto cleanup;
}
serialmax);
result = DNS_R_BADZONE;
goto cleanup;
- } else if (!isc_serial_ge(serial, oldserial))
+ } else if (!isc_serial_ge(serial, oldserial)) {
dns_zone_logc(zone,
DNS_LOGCATEGORY_ZONELOAD,
ISC_LOG_ERROR,
"zone serial (%u/%u) has gone "
"backwards", serial, oldserial);
- else if (serial == oldserial && !hasinclude &&
- strcmp(zone->db_argv[0], "_builtin") != 0)
+ } else if (serial == oldserial && !hasinclude &&
+ strcmp(zone->db_argv[0], "_builtin") != 0)
+ {
dns_zone_logc(zone,
DNS_LOGCATEGORY_ZONELOAD,
ISC_LOG_ERROR,
"zone serial (%u) unchanged. "
"zone may fail to transfer "
"to slaves.", serial);
+ }
}
if (zone->type == dns_zone_master &&
zone->type == dns_zone_mirror ||
zone->type == dns_zone_stub ||
(zone->type == dns_zone_redirect &&
- zone->masters != NULL)) {
+ zone->masters != NULL))
+ {
isc_time_t t;
uint32_t delay;
result = isc_file_getmodtime(zone->journal, &t);
- if (result != ISC_R_SUCCESS)
+ if (result != ISC_R_SUCCESS) {
result = isc_file_getmodtime(zone->masterfile,
&t);
- if (result == ISC_R_SUCCESS)
+ }
+ if (result == ISC_R_SUCCESS) {
DNS_ZONE_TIME_ADD(&t, zone->expire,
&zone->expiretime);
- else
+ } else {
DNS_ZONE_TIME_ADD(&now, zone->retry,
&zone->expiretime);
+ }
- delay = zone->retry - isc_random_uniform((zone->retry * 3) / 4);
+ delay = (zone->retry -
+ isc_random_uniform((zone->retry * 3) / 4));
DNS_ZONE_TIME_ADD(&now, delay, &zone->refreshtime);
if (isc_time_compare(&zone->refreshtime,
&zone->expiretime) >= 0)
+ {
zone->refreshtime = now;
+ }
}
break;
/*
* Check for weak DNSKEY's.
*/
- if (zone->type == dns_zone_master)
+ if (zone->type == dns_zone_master) {
zone_check_dnskeys(zone, db);
+ }
/*
* Schedule DNSSEC key refresh.
*/
if (zone->type == dns_zone_master &&
DNS_ZONEKEY_OPTION(zone, DNS_ZONEKEY_MAINTAIN))
+ {
zone->refreshkeytime = now;
+ }
ZONEDB_LOCK(&zone->dblock, isc_rwlocktype_write);
if (zone->db != NULL) {
had_db = true;
result = zone_replacedb(zone, db, false);
ZONEDB_UNLOCK(&zone->dblock, isc_rwlocktype_write);
- if (result != ISC_R_SUCCESS)
+ if (result != ISC_R_SUCCESS) {
goto cleanup;
+ }
} else {
zone_attachdb(zone, db);
ZONEDB_UNLOCK(&zone->dblock, isc_rwlocktype_write);
if (DNS_ZONE_FLAG(zone, DNS_ZONEFLG_SENDSECURE) &&
inline_raw(zone))
{
- if (zone->secure->db == NULL)
+ if (zone->secure->db == NULL) {
zone_send_securedb(zone, db);
- else
+ } else {
zone_send_secureserial(zone, serial);
+ }
}
}
* Finished loading inline-signing zone; need to get status
* from the raw side now.
*/
- if (zone->type == dns_zone_master && inline_secure(zone))
+ if (zone->type == dns_zone_master && inline_secure(zone)) {
maybe_send_secure(zone);
-
+ }
result = ISC_R_SUCCESS;
if (needdump) {
- if (zone->type == dns_zone_key)
+ if (zone->type == dns_zone_key) {
zone_needdump(zone, 30);
- else
+ } else {
zone_needdump(zone, DNS_DUMP_DELAY);
+ }
}
if (zone->task != NULL) {
if (zone->type == dns_zone_master &&
!DNS_ZONEKEY_OPTION(zone, DNS_ZONEKEY_NORESIGN) &&
dns_zone_isdynamic(zone, false) &&
- dns_db_issecure(db)) {
+ dns_db_issecure(db))
+ {
dns_name_t *name;
dns_fixedname_t fixed;
dns_rdataset_t next;
next.resign - timenow -
zone->sigresigninginterval);
dns_rdataset_disassociate(&next);
- } else
+ } else {
dns_zone_logc(zone, DNS_LOGCATEGORY_ZONELOAD,
ISC_LOG_WARNING,
"signed dynamic zone has no "
"resign event scheduled");
+ }
}
zone_settimer(zone, &now);
*/
for (inc = ISC_LIST_HEAD(zone->includes);
inc != NULL;
- inc = ISC_LIST_HEAD(zone->includes)) {
+ inc = ISC_LIST_HEAD(zone->includes))
+ {
ISC_LIST_UNLINK(zone->includes, inc, link);
isc_mem_free(zone->mctx, inc->name);
isc_mem_put(zone->mctx, inc, sizeof(*inc));
*/
for (inc = ISC_LIST_HEAD(zone->newincludes);
inc != NULL;
- inc = ISC_LIST_HEAD(zone->newincludes)) {
+ inc = ISC_LIST_HEAD(zone->newincludes))
+ {
ISC_LIST_UNLINK(zone->newincludes, inc, link);
ISC_LIST_APPEND(zone->includes, inc, link);
zone->nincludes++;
zone->type == dns_zone_mirror ||
zone->type == dns_zone_stub ||
zone->type == dns_zone_key ||
- (zone->type == dns_zone_redirect && zone->masters != NULL)) {
+ (zone->type == dns_zone_redirect && zone->masters != NULL))
+ {
if (result != ISC_R_NOMEMORY) {
- if (zone->journal != NULL)
+ if (zone->journal != NULL) {
zone_saveunique(zone, zone->journal,
"jn-XXXXXXXX");
- if (zone->masterfile != NULL)
+ }
+ if (zone->masterfile != NULL) {
zone_saveunique(zone, zone->masterfile,
"db-XXXXXXXX");
+ }
}
/* Mark the zone for immediate refresh. */
zone->refreshtime = now;
- if (zone->task != NULL)
+ if (zone->task != NULL) {
zone_settimer(zone, &now);
+ }
result = ISC_R_SUCCESS;
} else if (zone->type == dns_zone_master ||
- zone->type == dns_zone_redirect) {
- if (!(inline_secure(zone) && result == ISC_R_FILENOTFOUND))
+ zone->type == dns_zone_redirect)
+ {
+ if (! (inline_secure(zone) && result == ISC_R_FILENOTFOUND)) {
dns_zone_logc(zone, DNS_LOGCATEGORY_ZONELOAD,
ISC_LOG_ERROR,
"not loaded due to errors.");
- else if (zone->type == dns_zone_master)
+ } else if (zone->type == dns_zone_master) {
result = ISC_R_SUCCESS;
+ }
}
done:
UNLOCK_ZONE(zone);
first = true;
- if (nsec3chain != NULL)
+ if (nsec3chain != NULL) {
nsec3chain->save_delete_nsec = nsec3chain->delete_nsec;
+ }
/*
* Generate new NSEC3 chains first.
*
* Check to see if this is a bottom of zone node.
*/
result = dns_db_allrdatasets(db, node, version, 0, &iterator);
- if (result == ISC_R_NOTFOUND) /* Empty node? */
+ if (result == ISC_R_NOTFOUND) {
+ /* Empty node? */
goto next_addnode;
- if (result != ISC_R_SUCCESS)
+ }
+ if (result != ISC_R_SUCCESS) {
goto failure;
+ }
- seen_soa = seen_ns = seen_dname = seen_ds = seen_nsec =
- false;
+ seen_soa = seen_ns = seen_dname = seen_ds = seen_nsec = false;
for (result = dns_rdatasetiter_first(iterator);
result == ISC_R_SUCCESS;
- result = dns_rdatasetiter_next(iterator)) {
+ result = dns_rdatasetiter_next(iterator))
+ {
dns_rdatasetiter_current(iterator, &rdataset);
INSIST(rdataset.type != dns_rdatatype_nsec3);
- if (rdataset.type == dns_rdatatype_soa)
+ if (rdataset.type == dns_rdatatype_soa) {
seen_soa = true;
- else if (rdataset.type == dns_rdatatype_ns)
+ } else if (rdataset.type == dns_rdatatype_ns) {
seen_ns = true;
- else if (rdataset.type == dns_rdatatype_dname)
+ } else if (rdataset.type == dns_rdatatype_dname) {
seen_dname = true;
- else if (rdataset.type == dns_rdatatype_ds)
+ } else if (rdataset.type == dns_rdatatype_ds) {
seen_ds = true;
- else if (rdataset.type == dns_rdatatype_nsec)
+ } else if (rdataset.type == dns_rdatatype_nsec) {
seen_nsec = true;
+ }
dns_rdataset_disassociate(&rdataset);
}
dns_rdatasetiter_destroy(&iterator);
/*
* Is there a NSEC chain than needs to be cleaned up?
*/
- if (seen_nsec)
+ if (seen_nsec) {
nsec3chain->seen_nsec = true;
- if (seen_ns && !seen_soa && !seen_ds)
+ }
+ if (seen_ns && !seen_soa && !seen_ds) {
unsecure = true;
- if ((seen_ns && !seen_soa) || seen_dname)
+ }
+ if ((seen_ns && !seen_soa) || seen_dname) {
delegation = true;
+ }
/*
* Process one node.
dns_db_detachnode(db, &node);
if (!dns_name_issubdomain(nextname, name))
break;
- } else
+ } else {
break;
+ }
} while (1);
continue;
dns_dbiterator_pause(nsec3chain->dbiterator);
nsec3chain = nextnsec3chain;
first = true;
- if (nsec3chain != NULL)
+ if (nsec3chain != NULL) {
nsec3chain->save_delete_nsec = nsec3chain->delete_nsec;
+ }
}
- if (nsec3chain != NULL)
+ if (nsec3chain != NULL) {
goto skip_removals;
+ }
/*
* Process removals.
nextnsec3chain = ISC_LIST_NEXT(nsec3chain, link);
UNLOCK_ZONE(zone);
- if (nsec3chain->db != db)
+ if (nsec3chain->db != db) {
goto next_removechain;
+ }
- if (!NSEC3REMOVE(nsec3chain->nsec3param.flags))
+ if (!NSEC3REMOVE(nsec3chain->nsec3param.flags)) {
goto next_removechain;
+ }
/*
* Work out if we need to build a NSEC chain as a consequence
}
}
- if (first)
+ if (first) {
dns_zone_log(zone, ISC_LOG_DEBUG(3), "zone_nsec3chain:"
"buildnsecchain = %u\n", buildnsecchain);
+ }
dns_dbiterator_current(nsec3chain->dbiterator, &node, name);
delegation = false;
NULL, NULL);
if ((result == DNS_R_DELEGATION ||
result == DNS_R_DNAME) &&
- !dns_name_equal(name, found)) {
+ !dns_name_equal(name, found))
+ {
/*
* Remember the obscuring name so that
* we skip all obscured names.
* Check to see if this is a bottom of zone node.
*/
result = dns_db_allrdatasets(db, node, version, 0, &iterator);
- if (result == ISC_R_NOTFOUND) /* Empty node? */
+ if (result == ISC_R_NOTFOUND) {
+ /* Empty node? */
goto next_removenode;
- if (result != ISC_R_SUCCESS)
+ }
+ if (result != ISC_R_SUCCESS) {
goto failure;
+ }
- seen_soa = seen_ns = seen_dname = seen_nsec3 = seen_nsec =
- seen_rr = false;
+ seen_soa = seen_ns = seen_dname = seen_nsec3 =
+ seen_nsec = seen_rr = false;
for (result = dns_rdatasetiter_first(iterator);
result == ISC_R_SUCCESS;
- result = dns_rdatasetiter_next(iterator)) {
+ result = dns_rdatasetiter_next(iterator))
+ {
dns_rdatasetiter_current(iterator, &rdataset);
- if (rdataset.type == dns_rdatatype_soa)
+ if (rdataset.type == dns_rdatatype_soa) {
seen_soa = true;
- else if (rdataset.type == dns_rdatatype_ns)
+ } else if (rdataset.type == dns_rdatatype_ns) {
seen_ns = true;
- else if (rdataset.type == dns_rdatatype_dname)
+ } else if (rdataset.type == dns_rdatatype_dname) {
seen_dname = true;
- else if (rdataset.type == dns_rdatatype_nsec)
+ } else if (rdataset.type == dns_rdatatype_nsec) {
seen_nsec = true;
- else if (rdataset.type == dns_rdatatype_nsec3)
+ } else if (rdataset.type == dns_rdatatype_nsec3) {
seen_nsec3 = true;
- if (rdataset.type != dns_rdatatype_rrsig)
+ } else if (rdataset.type != dns_rdatatype_rrsig) {
seen_rr = true;
+ }
dns_rdataset_disassociate(&rdataset);
}
dns_rdatasetiter_destroy(&iterator);
- if (!seen_rr || seen_nsec3 || seen_nsec)
+ if (!seen_rr || seen_nsec3 || seen_nsec) {
goto next_removenode;
- if ((seen_ns && !seen_soa) || seen_dname)
+ }
+ if ((seen_ns && !seen_soa) || seen_dname) {
delegation = true;
+ }
/*
* Add a NSEC record except at the origin.
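Review bot: Turning `if (rdataset.type != dns_rdatatype_rrsig)` into `} else if (rdataset.type != dns_rdatatype_rrsig) {` in the removal-path rdataset loop changes behaviour inside what is otherwise a brace-only cleanup. Before, `seen_rr` was set for every type except RRSIG; now it is set only when the type is also none of SOA, NS, DNAME, NSEC or NSEC3, so a node holding only NS or DNAME records leaves `seen_rr` false and is sent to `next_removenode` by the `!seen_rr` test that follows. From what is visible, that skips the "Add a NSEC record" step for such nodes, which would leave gaps in the NSEC chain built while the NSEC3 chain is being removed; the code after the label is outside the hunk, so please confirm. Keep the test independent: close the chain with `}` after `seen_nsec3 = true;` and follow it with `if (rdataset.type != dns_rdatatype_rrsig) { seen_rr = true; }`. The similar `else if` on `dns_rdatatype_nsec3param` further down is harmless because its two tests are mutually exclusive.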
&node, nextname);
dns_db_detachnode(db, &node);
if (!dns_name_issubdomain(nextname, name))
+ {
break;
- } else
+ }
+ } else {
break;
+ }
} while (1);
continue;
}
for (result = dns_rdatasetiter_first(iterator);
result == ISC_R_SUCCESS;
- result = dns_rdatasetiter_next(iterator)) {
+ result = dns_rdatasetiter_next(iterator))
+ {
dns_rdatasetiter_current(iterator, &rdataset);
- if (rdataset.type == dns_rdatatype_nsec)
+ if (rdataset.type == dns_rdatatype_nsec) {
rebuild_nsec = true;
- if (rdataset.type == dns_rdatatype_nsec3param)
+ } else if (rdataset.type == dns_rdatatype_nsec3param) {
rebuild_nsec3 = true;
+ }
dns_rdataset_disassociate(&rdataset);
}
dns_rdatasetiter_destroy(&iterator);
dns_db_detachnode(db, &node);
if (rebuild_nsec) {
- if (nsec3chain != NULL)
+ if (nsec3chain != NULL) {
dns_dbiterator_pause(nsec3chain->dbiterator);
+ }
result = updatesecure(db, version, &zone->origin,
zone->minimum, true,
}
if (rebuild_nsec3) {
- if (nsec3chain != NULL)
+ if (nsec3chain != NULL) {
dns_dbiterator_pause(nsec3chain->dbiterator);
+ }
result = dns_nsec3_addnsec3s(db, version,
dns_db_origin(db),
/*
* Add / update signatures for the NSEC3 records.
*/
- if (nsec3chain != NULL)
+ if (nsec3chain != NULL) {
dns_dbiterator_pause(nsec3chain->dbiterator);
+ }
result = dns__zone_updatesigs(&nsec3_diff, db, version, zone_keys,
nkeys, zone, inception, expire, 0, now,
check_ksk, keyset_kskonly, &zonediff);
for (nsec3chain = ISC_LIST_HEAD(zone->nsec3chain);
nsec3chain != NULL;
nsec3chain = ISC_LIST_NEXT(nsec3chain, link))
+ {
dns_dbiterator_pause(nsec3chain->dbiterator);
+ }
UNLOCK_ZONE(zone);
/*
set_resigntime(zone);
failure:
- if (result != ISC_R_SUCCESS)
+ if (result != ISC_R_SUCCESS) {
dns_zone_log(zone, ISC_LOG_ERROR, "zone_nsec3chain: %s",
dns_result_totext(result));
+ }
+
/*
* On error roll back the current nsec3chain.
*/
for (nsec3chain = ISC_LIST_HEAD(zone->nsec3chain);
nsec3chain != NULL;
nsec3chain = ISC_LIST_NEXT(nsec3chain, link))
+ {
dns_dbiterator_pause(nsec3chain->dbiterator);
+ }
UNLOCK_ZONE(zone);
dns_diff_clear(¶m_diff);
dns_diff_clear(&nsec_diff);
dns_diff_clear(&_sig_diff);
- if (iterator != NULL)
+ if (iterator != NULL) {
dns_rdatasetiter_destroy(&iterator);
+ }
- for (i = 0; i < nkeys; i++)
+ for (i = 0; i < nkeys; i++) {
dst_key_free(&zone_keys[i]);
+ }
- if (node != NULL)
+ if (node != NULL) {
dns_db_detachnode(db, &node);
+ }
if (version != NULL) {
dns_db_closeversion(db, &version, false);
dns_db_detach(&db);
- } else if (db != NULL)
+ } else if (db != NULL) {
dns_db_detach(&db);
+ }
LOCK_ZONE(zone);
if (ISC_LIST_HEAD(zone->nsec3chain) != NULL) {
isc_interval_t interval;
- if (zone->update_disabled || result != ISC_R_SUCCESS)
+ if (zone->update_disabled || result != ISC_R_SUCCESS) {
isc_interval_set(&interval, 60, 0); /* 1 minute */
- else
+ } else {
isc_interval_set(&interval, 0, 10000000); /* 10 ms */
+ }
isc_time_nowplusinterval(&zone->nsec3chaintime, &interval);
- } else
+ } else {
isc_time_settoepoch(&zone->nsec3chaintime);
+ }
UNLOCK_ZONE(zone);
INSIST(version == NULL);
}
ZONEDB_LOCK(&zone->dblock, isc_rwlocktype_read);
- if (zone->db != NULL)
+ if (zone->db != NULL) {
dns_db_attach(zone->db, &db);
+ }
ZONEDB_UNLOCK(&zone->dblock, isc_rwlocktype_read);
if (db == NULL) {
result = ISC_R_FAILURE;
&build_nsec, &build_nsec3));
/* If neither chain is found, default to NSEC */
- if (!build_nsec && !build_nsec3)
+ if (!build_nsec && !build_nsec3) {
build_nsec = true;
+ }
while (signing != NULL && nodes-- > 0 && signatures > 0) {
bool has_alg = false;
}
ZONEDB_UNLOCK(&zone->dblock, isc_rwlocktype_read);
- if (signing->db != db)
+ if (signing->db != db) {
goto next_signing;
+ }
is_bottom_of_zone = false;
NULL, NULL);
if ((result == DNS_R_DELEGATION ||
result == DNS_R_DNAME) &&
- !dns_name_equal(name, found)) {
+ !dns_name_equal(name, found))
+ {
/*
* Remember the obscuring name so that
* we skip all obscured names.
/*
* Find the keys we want to sign with.
*/
- if (!dst_key_isprivate(zone_keys[i]))
+ if (!dst_key_isprivate(zone_keys[i])) {
continue;
+ }
/*
* Should be redundant.
*/
- if (dst_key_inactive(zone_keys[i]))
+ if (dst_key_inactive(zone_keys[i])) {
continue;
+ }
/*
* When adding look for the specific key.
if (!signing->deleteit &&
(dst_key_alg(zone_keys[i]) != signing->algorithm ||
dst_key_id(zone_keys[i]) != signing->keyid))
+ {
continue;
+ }
/*
* When deleting make sure we are properly signed
*/
if (signing->deleteit &&
ALG(zone_keys[i]) != signing->algorithm)
+ {
continue;
+ }
/*
* Do we do KSK processing?
}
for (j = 0; j < nkeys; j++) {
if (j == i ||
- ALG(zone_keys[i]) !=
- ALG(zone_keys[j]))
+ (ALG(zone_keys[i]) !=
+ ALG(zone_keys[j])))
+ {
continue;
- if (!dst_key_isprivate(zone_keys[j]))
+ }
+ if (!dst_key_isprivate(zone_keys[j])) {
continue;
+ }
/*
* Should be redundant.
*/
- if (dst_key_inactive(zone_keys[j]))
+ if (dst_key_inactive(zone_keys[j])) {
continue;
- if (REVOKE(zone_keys[j]))
+ }
+ if (REVOKE(zone_keys[j])) {
continue;
- if (KSK(zone_keys[j]))
+ }
+ if (KSK(zone_keys[j])) {
have_ksk = true;
- else
+ } else {
have_nonksk = true;
+ }
both = have_ksk && have_nonksk;
- if (both)
+ if (both) {
break;
+ }
}
}
- if (both || REVOKE(zone_keys[i]))
+ if (both || REVOKE(zone_keys[i])) {
is_ksk = KSK(zone_keys[i]);
- else
+ } else {
is_ksk = false;
+ }
/*
* If deleting signatures, we need to ensure that
dns_dbiterator_current(signing->dbiterator,
&node, nextname);
dns_db_detachnode(db, &node);
- if (!dns_name_issubdomain(nextname, name))
+ if (!dns_name_issubdomain(nextname, name)) {
break;
- } else
+ }
+ } else {
break;
+ }
} while (1);
continue;
* Have we changed anything?
*/
if (ISC_LIST_EMPTY(zonediff.diff->tuples)) {
- if (zonediff.offline)
+ if (zonediff.offline) {
commit = true;
+ }
result = ISC_R_SUCCESS;
goto pauseall;
}
for (signing = ISC_LIST_HEAD(zone->signing);
signing != NULL;
signing = ISC_LIST_NEXT(signing, link))
+ {
dns_dbiterator_pause(signing->dbiterator);
+ }
for (signing = ISC_LIST_HEAD(cleanup);
signing != NULL;
signing = ISC_LIST_NEXT(signing, link))
+ {
dns_dbiterator_pause(signing->dbiterator);
+ }
/*
* Everything has succeeded. Commit the changes.
for (signing = ISC_LIST_HEAD(zone->signing);
signing != NULL;
signing = ISC_LIST_NEXT(signing, link))
+ {
dns_dbiterator_pause(signing->dbiterator);
+ }
/*
* Rollback the cleanup list.
dns_diff_clear(&_sig_diff);
- for (i = 0; i < nkeys; i++)
+ for (i = 0; i < nkeys; i++) {
dst_key_free(&zone_keys[i]);
+ }
- if (node != NULL)
+ if (node != NULL) {
dns_db_detachnode(db, &node);
+ }
if (version != NULL) {
dns_db_closeversion(db, &version, false);
dns_db_detach(&db);
- } else if (db != NULL)
+ } else if (db != NULL) {
dns_db_detach(&db);
+ }
if (ISC_LIST_HEAD(zone->signing) != NULL) {
isc_interval_t interval;
- if (zone->update_disabled || result != ISC_R_SUCCESS)
+ if (zone->update_disabled || result != ISC_R_SUCCESS) {
isc_interval_set(&interval, 60, 0); /* 1 minute */
- else
+ } else {
isc_interval_set(&interval, 0, 10000000); /* 10 ms */
+ }
isc_time_nowplusinterval(&zone->signingtime, &interval);
- } else
+ } else {
isc_time_settoepoch(&zone->signingtime);
+ }
INSIST(version == NULL);
}
dns_rdata_fromstruct(&rr, keydata->common.rdclass,
dns_rdatatype_dnskey, &dnskey, &keyb);
result = dns_dnssec_keyfromrdata(keyname, &rr, mctx, &dstkey);
- if (result != ISC_R_SUCCESS)
+ if (result != ISC_R_SUCCESS) {
return (false);
+ }
/* See if that key generated any of the signatures */
for (result = dns_rdataset_first(&kfetch->dnskeysigset);
eresult = devent->result;
/* Free resources which are not of interest */
- if (devent->node != NULL)
+ if (devent->node != NULL) {
dns_db_detachnode(devent->db, &devent->node);
- if (devent->db != NULL)
+ }
+ if (devent->db != NULL) {
dns_db_detach(&devent->db);
+ }
isc_event_free(&event);
dns_resolver_destroyfetch(&kfetch->fetch);
LOCK_ZONE(zone);
- if (DNS_ZONE_FLAG(zone, DNS_ZONEFLG_EXITING) || zone->view == NULL)
+ if (DNS_ZONE_FLAG(zone, DNS_ZONEFLG_EXITING) || zone->view == NULL) {
goto cleanup;
+ }
isc_stdtime_get(&now);
dns_name_format(keyname, namebuf, sizeof(namebuf));
zone->refreshkeycount--;
alldone = (zone->refreshkeycount == 0);
- if (alldone)
+ if (alldone) {
DNS_ZONE_CLRFLAG(zone, DNS_ZONEFLG_REFRESHING);
+ }
dns_zone_log(zone, ISC_LOG_DEBUG(3),
"Returned from key fetch in keyfetch_done() for "
/* Fetch failed */
if (eresult != ISC_R_SUCCESS ||
- !dns_rdataset_isassociated(&kfetch->dnskeyset)) {
+ !dns_rdataset_isassociated(&kfetch->dnskeyset))
+ {
dns_zone_log(zone, ISC_LOG_WARNING,
"Unable to fetch DNSKEY set "
"'%s': %s", namebuf, dns_result_totext(eresult));
dns_fixedname_init(&fixed);
dstkey = dns_keynode_key(keynode);
- if (dstkey == NULL) /* fail_secure() was called */
+ if (dstkey == NULL) {
+ /* fail_secure() was called */
break;
+ }
if (dst_key_alg(dstkey) == sig.algorithm &&
dst_key_id(dstkey) == sig.keyid)
if (!secure) {
if (keydata.removehd != 0 &&
- keydata.removehd <= now) {
+ keydata.removehd <= now)
+ {
deletekey = true;
}
} else if (keydata.addhd == 0) {
"unexpectedly missing "
"restarting 30-day acceptance "
"timer", keytag, namebuf);
- if (keydata.addhd < now + dns_zone_mkey_month)
+ if (keydata.addhd < now + dns_zone_mkey_month) {
keydata.addhd =
now + dns_zone_mkey_month;
- keydata.refresh = refresh_time(kfetch,
- false);
+ }
+ keydata.refresh = refresh_time(kfetch, false);
} else if (keydata.removehd == 0) {
dns_zone_log(zone, ISC_LOG_DEBUG(3),
"Active key %d for zone %s "
"managed keys database",
keytag, namebuf);
} else {
- keydata.refresh = refresh_time(kfetch,
- false);
+ keydata.refresh = refresh_time(kfetch, false);
}
if (secure || deletekey) {
&keydatarr));
}
- if (!secure || deletekey)
+ if (!secure || deletekey) {
continue;
+ }
dns_rdata_reset(&keydatarr);
isc_buffer_init(&keyb, key_buf, sizeof(key_buf));
&dnskey, mctx);
/* If initializing, delete now */
- if (keydata.addhd == 0)
+ if (keydata.addhd == 0) {
deletekey = true;
- else {
+ } else {
keydata.removehd = now +
dns_zone_mkey_month;
keydata.flags |=
"has returned: starting "
"30-day acceptance timer",
keytag, namebuf);
- } else if (keydata.addhd > now)
+ } else if (keydata.addhd > now) {
pending++;
- else if (keydata.addhd == 0)
+ } else if (keydata.addhd == 0) {
keydata.addhd = now;
+ }
if (keydata.addhd <= now) {
trustkey = true;
keytag, namebuf);
}
- if (!deletekey && !newkey)
+ if (!deletekey && !newkey) {
updatekey = true;
+ }
} else if (secure) {
/*
* Key wasn't in the key zone but it's
* revoked now anyway, so just skip it
*/
- if (revoked)
+ if (revoked) {
continue;
+ }
/* Key wasn't in the key zone: add it */
newkey = true;
}
/* Delete old version */
- if (deletekey || !newkey)
+ if (deletekey || !newkey) {
CHECK(update_one_rr(kfetch->db, ver, &diff,
DNS_DIFFOP_DEL, keyname, 0,
&keydatarr));
+ }
if (updatekey) {
/* Set refresh timer */
* see if there's pending keydata. If so, we put a null key in
* the security roots; then all queries to the zone will fail.
*/
- if (pending != 0)
+ if (pending != 0) {
fail_secure(zone, keyname);
+ }
done:
if (!ISC_LIST_EMPTY(diff.tuples)) {
isc_result_totext(result));
}
dns_diff_clear(&diff);
- if (ver != NULL)
+ if (ver != NULL) {
dns_db_closeversion(kfetch->db, &ver, commit);
+ }
cleanup:
dns_db_detach(&kfetch->db);
zone->irefs--;
kfetch->zone = NULL;
- if (dns_rdataset_isassociated(&kfetch->keydataset))
+ if (dns_rdataset_isassociated(&kfetch->keydataset)) {
dns_rdataset_disassociate(&kfetch->keydataset);
- if (dns_rdataset_isassociated(&kfetch->dnskeyset))
+ }
+ if (dns_rdataset_isassociated(&kfetch->dnskeyset)) {
dns_rdataset_disassociate(&kfetch->dnskeyset);
- if (dns_rdataset_isassociated(&kfetch->dnskeysigset))
+ }
+ if (dns_rdataset_isassociated(&kfetch->dnskeysigset)) {
dns_rdataset_disassociate(&kfetch->dnskeysigset);
+ }
dns_name_free(keyname, mctx);
isc_mem_put(mctx, kfetch, sizeof(dns_keyfetch_t));
isc_mem_detach(&mctx);
- if (secroots != NULL)
+ if (secroots != NULL) {
dns_keytable_detach(&secroots);
+ }
free_needed = exit_check(zone);
UNLOCK_ZONE(zone);
- if (free_needed)
+ if (free_needed) {
zone_free(zone);
+ }
INSIST(ver == NULL);
}
dns_rriterator_init(&rrit, db, ver, 0);
for (result = dns_rriterator_first(&rrit);
result == ISC_R_SUCCESS;
- result = dns_rriterator_nextrrset(&rrit)) {
+ result = dns_rriterator_nextrrset(&rrit))
+ {
isc_stdtime_t timer = 0xffffffff;
dns_name_t *name = NULL, *kname = NULL;
dns_rdataset_t *kdset = NULL;
dns_rriterator_current(&rrit, &name, &ttl, &kdset, NULL);
if (kdset == NULL || kdset->type != dns_rdatatype_keydata ||
!dns_rdataset_isassociated(kdset))
+ {
continue;
+ }
/*
* Scan the stored keys looking for ones that need
*/
for (result = dns_rdataset_first(kdset);
result == ISC_R_SUCCESS;
- result = dns_rdataset_next(kdset)) {
+ result = dns_rdataset_next(kdset))
+ {
dns_rdata_reset(&rdata);
dns_rdataset_current(kdset, &rdata);
result = dns_rdata_tostruct(&rdata, &kd, NULL);
}
/* Acceptance timer expired? */
- if (kd.addhd <= now)
+ if (kd.addhd <= now) {
timer = kd.addhd;
+ }
/* Or do we just need to refresh the keyset? */
- if (timer > kd.refresh)
+ if (timer > kd.refresh) {
timer = kd.refresh;
+ }
set_refreshkeytimer(zone, &kd, now, false);
timerset = true;
}
- if (timer > now)
+ if (timer > now) {
continue;
+ }
kfetch = isc_mem_get(zone->mctx, sizeof(dns_keyfetch_t));
if (kfetch == NULL) {
result = ISC_R_FAILURE;
}
#endif
- if (result == ISC_R_SUCCESS)
+ if (result == ISC_R_SUCCESS) {
fetching = true;
- else {
+ } else {
zone->refreshkeycount--;
zone->irefs--;
dns_db_detach(&kfetch->db);
isc_time_settoepoch(&zone->refreshkeytime);
}
- if (!fetching)
+ if (!fetching) {
DNS_ZONE_CLRFLAG(zone, DNS_ZONEFLG_REFRESHING);
+ }
dns_diff_clear(&diff);
if (ver != NULL) {
*/
for (tuple = ISC_LIST_HEAD(diff->tuples);
tuple != NULL;
- tuple = ISC_LIST_NEXT(tuple, link)) {
+ tuple = ISC_LIST_NEXT(tuple, link))
+ {
if (tuple->rdata.type == dns_rdatatype_dnskey &&
dns_name_equal(&tuple->name, &zone->origin))
+ {
break;
+ }
}
if (tuple == NULL) {
}
failure:
- for (i = 0; i < nkeys; i++)
+ for (i = 0; i < nkeys; i++) {
dst_key_free(&zone_keys[i]);
+ }
return (result);
}
/* Scan the tuples for an NSEC-only DNSKEY */
for (tuple = ISC_LIST_HEAD(diff->tuples);
tuple != NULL;
- tuple = ISC_LIST_NEXT(tuple, link)) {
+ tuple = ISC_LIST_NEXT(tuple, link))
+ {
uint8_t alg;
if (tuple->rdata.type != dns_rdatatype_dnskey ||
tuple->op != DNS_DIFFOP_ADD)
+ {
continue;
+ }
alg = tuple->rdata.data[3];
if (alg == DST_ALG_RSASHA1) {
/* Check existing DB for NSEC-only DNSKEY */
if (!nseconly) {
result = dns_nsec_nseconly(db, ver, &nseconly);
- if (result == ISC_R_NOTFOUND)
+ if (result == ISC_R_NOTFOUND) {
result = ISC_R_SUCCESS;
+ }
CHECK(result);
}
/* Check existing DB for NSEC3 */
- if (!nsec3)
+ if (!nsec3) {
CHECK(dns_nsec3_activex(db, ver, false,
privatetype, &nsec3));
+ }
/* Refuse to allow NSEC3 with NSEC-only keys */
if (nseconly && nsec3) {
dns_dbversion_t *ver = NULL;
dns_rdataset_t cdsset, soaset, soasigs, keyset, keysigs, cdnskeyset;
dns_dnsseckeylist_t dnskeys, keys, rmkeys;
- dns_dnsseckey_t *key;
+ dns_dnsseckey_t *key = NULL;
dns_diff_t diff, _sig_diff;
dns__zonediff_t zonediff;
bool commit = false, newactive = false;
bool newalg = false;
bool fullsign;
dns_ttl_t ttl = 3600;
- const char *dir;
- isc_mem_t *mctx;
+ const char *dir = NULL;
+ isc_mem_t *mctx = NULL;
isc_stdtime_t now;
isc_time_t timenow;
isc_interval_t ival;
&keysigs, &soasigs,
false, false,
&dnskeys));
- } else if (result != ISC_R_NOTFOUND)
+ } else if (result != ISC_R_NOTFOUND) {
goto failure;
+ }
/* Get the CDS rdataset */
result = dns_db_findrdataset(db, node, ver, dns_rdatatype_cdnskey,
dns_rdatatype_none, 0, &cdnskeyset, NULL);
if (result != ISC_R_SUCCESS && dns_rdataset_isassociated(&cdnskeyset))
+ {
dns_rdataset_disassociate(&cdnskeyset);
+ }
/*
* True when called from "rndc sign". Indicates the zone should be
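Review bot: The context comment `/* Get the CDS rdataset */` sits directly above a lookup for `dns_rdatatype_cdnskey` that fills `cdnskeyset`, so it describes the wrong record type. Since this hunk already touches the block, the comment could be corrected to `/* Get the CDNSKEY rdataset */`. The enclosing function starts and ends outside the hunk, so the real CDS lookup is presumably just above and may have been the source of the copy.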
*/
for (key = ISC_LIST_HEAD(dnskeys);
key != NULL;
- key = ISC_LIST_NEXT(key, link)) {
- if (!key->first_sign)
+ key = ISC_LIST_NEXT(key, link))
+ {
+ if (!key->first_sign) {
continue;
+ }
newactive = true;
}
if ((newactive || fullsign || !ISC_LIST_EMPTY(diff.tuples)) &&
- dnskey_sane(zone, db, ver, &diff)) {
+ dnskey_sane(zone, db, ver, &diff))
+ {
CHECK(dns_diff_apply(&diff, db, ver));
CHECK(clean_nsec3param(zone, db, ver, &diff));
CHECK(add_signing_records(db, zone->privatetype,
if (!ISC_LIST_EMPTY(rmkeys)) {
for (key = ISC_LIST_HEAD(rmkeys);
key != NULL;
- key = ISC_LIST_NEXT(key, link)) {
+ key = ISC_LIST_NEXT(key, link))
+ {
result = zone_signwithkey(zone,
dst_key_alg(key->key),
dst_key_id(key->key),
*/
for (key = ISC_LIST_HEAD(dnskeys);
key != NULL;
- key = ISC_LIST_NEXT(key, link)) {
- if (!key->force_sign && !key->hint_sign)
+ key = ISC_LIST_NEXT(key, link))
+ {
+ if (!key->force_sign && !key->hint_sign) {
continue;
+ }
result = zone_signwithkey(zone,
dst_key_alg(key->key),
*/
for (key = ISC_LIST_HEAD(dnskeys);
key != NULL;
- key = ISC_LIST_NEXT(key, link)) {
- if (!key->first_sign)
+ key = ISC_LIST_NEXT(key, link))
+ {
+ if (!key->first_sign) {
continue;
+ }
result = zone_signwithkey(zone,
dst_key_alg(key->key),
*/
for (tuple = ISC_LIST_HEAD(zonediff.diff->tuples);
tuple != NULL;
- tuple = ISC_LIST_NEXT(tuple, link)) {
+ tuple = ISC_LIST_NEXT(tuple, link))
+ {
unsigned char buf[DNS_NSEC3PARAM_BUFFERSIZE];
dns_rdata_t rdata = DNS_RDATA_INIT;
dns_rdata_nsec3param_t nsec3param;
if (tuple->rdata.type != zone->privatetype ||
tuple->op != DNS_DIFFOP_ADD)
+ {
continue;
+ }
if (!dns_nsec3param_fromprivate(&tuple->rdata, &rdata,
buf, sizeof(buf)))
+ {
continue;
+ }
+
result = dns_rdata_tostruct(&rdata, &nsec3param, NULL);
RUNTIME_CHECK(result == ISC_R_SUCCESS);
- if (nsec3param.flags == 0)
+ if (nsec3param.flags == 0) {
continue;
+ }
result = zone_addnsec3chain(zone, &nsec3param);
if (result != ISC_R_SUCCESS) {
* Activate any NSEC3 chain updates that may have
* been scheduled before this rekey.
*/
- if (fullsign || newalg)
+ if (fullsign || newalg) {
resume_addnsec3chain(zone);
+ }
/*
* Schedule the next resigning event
for (key = ISC_LIST_HEAD(dnskeys);
key != NULL;
- key = ISC_LIST_NEXT(key, link)) {
+ key = ISC_LIST_NEXT(key, link))
+ {
then = now;
result = next_keyevent(key->key, &then);
- if (result != ISC_R_SUCCESS)
+ if (result != ISC_R_SUCCESS) {
continue;
+ }
DNS_ZONE_TIME_ADD(&timenow, then - now, &timethen);
LOCK_ZONE(zone);
if (isc_time_compare(&timethen,
- &zone->refreshkeytime) < 0) {
+ &zone->refreshkeytime) < 0)
+ {
zone->refreshkeytime = timethen;
}
UNLOCK_ZONE(zone);
dns_zone_log(zone, ISC_LOG_INFO, "next key event: %s", timebuf);
}
- done:
+ result = ISC_R_SUCCESS;
+
+ failure:
+ if (result != ISC_R_SUCCESS) {
+ /*
+ * Something went wrong; try again in ten minutes or
+ * after a key refresh interval, whichever is shorter.
+ */
+ isc_interval_set(&ival,
+ ISC_MIN(zone->refreshkeyinterval, 600), 0);
+ isc_time_nowplusinterval(&zone->refreshkeytime, &ival);
+ }
+
dns_diff_clear(&diff);
dns_diff_clear(&_sig_diff);
clear_keylist(&keys, mctx);
clear_keylist(&rmkeys, mctx);
- if (ver != NULL)
+ if (ver != NULL) {
dns_db_closeversion(db, &ver, false);
- if (dns_rdataset_isassociated(&cdsset))
+ }
+ if (dns_rdataset_isassociated(&cdsset)) {
dns_rdataset_disassociate(&cdsset);
- if (dns_rdataset_isassociated(&keyset))
+ }
+ if (dns_rdataset_isassociated(&keyset)) {
dns_rdataset_disassociate(&keyset);
- if (dns_rdataset_isassociated(&keysigs))
+ }
+ if (dns_rdataset_isassociated(&keysigs)) {
dns_rdataset_disassociate(&keysigs);
- if (dns_rdataset_isassociated(&soasigs))
+ }
+ if (dns_rdataset_isassociated(&soasigs)) {
dns_rdataset_disassociate(&soasigs);
- if (dns_rdataset_isassociated(&cdnskeyset))
+ }
+ if (dns_rdataset_isassociated(&cdnskeyset)) {
dns_rdataset_disassociate(&cdnskeyset);
- if (node != NULL)
+ }
+ if (node != NULL) {
dns_db_detachnode(db, &node);
- if (db != NULL)
+ }
+ if (db != NULL) {
dns_db_detach(&db);
+ }
INSIST(ver == NULL);
- return;
-
- failure:
- /*
- * Something went wrong; try again in ten minutes or
- * after a key refresh interval, whichever is shorter.
- */
- isc_interval_set(&ival, ISC_MIN(zone->refreshkeyinterval, 600), 0);
- isc_time_nowplusinterval(&zone->refreshkeytime, &ival);
- goto done;
}
void
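Review bot: The relocated retry block under `failure:` writes `zone->refreshkeytime` with no lock in sight, while the key-event loop a few lines above brackets its write to the same field with `LOCK_ZONE(zone)` / `UNLOCK_ZONE(zone)`. That loop releases the lock before falling through, and nothing visible shows the `goto failure` sites holding it, so the two writes appear to follow different locking rules. If the lock is indeed not held here, wrap the two calls: `LOCK_ZONE(zone);` before `isc_interval_set(...)` and `UNLOCK_ZONE(zone);` after `isc_time_nowplusinterval(...)`. A short comment on the new `result = ISC_R_SUCCESS;` would also help, e.g. `/* the loop above leaves result at the last next_keyevent() status */`, since that is the reason the reset is needed before the shared cleanup. The function begins outside this hunk.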
dns_diff_init(zone->mctx, &diff);
ZONEDB_LOCK(&zone->dblock, isc_rwlocktype_read);
- if (zone->db != NULL)
+ if (zone->db != NULL) {
dns_db_attach(zone->db, &db);
+ }
ZONEDB_UNLOCK(&zone->dblock, isc_rwlocktype_read);
- if (db == NULL)
+ if (db == NULL) {
goto failure;
+ }
dns_db_currentversion(db, &oldver);
result = dns_db_newversion(db, &newver);
}
result = dns_db_getoriginnode(db, &node);
- if (result != ISC_R_SUCCESS)
+ if (result != ISC_R_SUCCESS) {
goto failure;
+ }
result = dns_db_findrdataset(db, node, newver, zone->privatetype,
dns_rdatatype_none, 0, &rdataset, NULL);
for (result = dns_rdataset_first(&rdataset);
result == ISC_R_SUCCESS;
- result = dns_rdataset_next(&rdataset)) {
+ result = dns_rdataset_next(&rdataset))
+ {
bool found = false;
dns_rdataset_current(&rdataset, &rdata);
if (kd->all) {
if (rdata.length == 5 && rdata.data[0] != 0 &&
rdata.data[3] == 0 && rdata.data[4] == 1)
+ {
found = true;
- else if (rdata.data[0] == 0 &&
- (rdata.data[2] & PENDINGFLAGS) != 0) {
+ } else if (rdata.data[0] == 0 &&
+ (rdata.data[2] & PENDINGFLAGS) != 0)
+ {
found = true;
clear_pending = true;
}
} else if (rdata.length == 5 &&
memcmp(rdata.data, kd->data, 5) == 0)
+ {
found = true;
+ }
- if (found)
+ if (found) {
CHECK(update_one_rr(db, newver, &diff, DNS_DIFFOP_DEL,
&zone->origin, rdataset.ttl,
&rdata));
+ }
dns_rdata_reset(&rdata);
}
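Review bot: In the `kd->all` branch the re-braced `else if` reads `rdata.data[0]` and `rdata.data[2]` without any length test, whereas the first arm is guarded by `rdata.length == 5`. Private-type rdata is opaque, so unless something outside the hunk guarantees at least three octets, a shorter record makes this an out-of-bounds read of the rdata. Adding the bound to the condition keeps the two arms consistent: `} else if (rdata.length >= 3 && rdata.data[0] == 0 &&`. The enclosing function starts before and continues after this hunk.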
result = dns_update_signatures(&log, zone, db,
oldver, newver, &diff,
zone->sigvalidityinterval);
- if (!clear_pending)
+ if (!clear_pending) {
CHECK(result);
+ }
CHECK(zone_journal(zone, &diff, NULL, "keydone"));
commit = true;
}
failure:
- if (dns_rdataset_isassociated(&rdataset))
+ if (dns_rdataset_isassociated(&rdataset)) {
dns_rdataset_disassociate(&rdataset);
+ }
if (db != NULL) {
- if (node != NULL)
+ if (node != NULL) {
dns_db_detachnode(db, &node);
- if (oldver != NULL)
+ }
+ if (oldver != NULL) {
dns_db_closeversion(db, &oldver, false);
- if (newver != NULL)
+ }
+ if (newver != NULL) {
dns_db_closeversion(db, &newver, commit);
+ }
dns_db_detach(&db);
}
dns_diff_clear(&diff);
}
kd = (struct keydone *) e;
- if (strcasecmp(keystr, "all") == 0)
+ if (strcasecmp(keystr, "all") == 0) {
kd->all = true;
- else {
+ } else {
isc_textregion_t r;
const char *algstr;
dns_keytag_t keyid;
kd->all = false;
n = sscanf(keystr, "%hu/", &keyid);
- if (n == 0U)
+ if (n == 0U) {
CHECK(ISC_R_FAILURE);
+ }
algstr = strchr(keystr, '/');
- if (algstr != NULL)
+ if (algstr != NULL) {
algstr++;
- else
+ } else {
CHECK(ISC_R_FAILURE);
+ }
n = sscanf(algstr, "%hhu", &alg);
if (n == 0U) {
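Review bot: Both `sscanf` results are tested with `n == 0U`, which lets an `EOF` return through: `-1` compared as unsigned is not zero, so an empty `keystr`, or a `keystr` that ends right after the `/`, is treated as a successful conversion with `keyid` or `alg` never written. Checking for the expected conversion count closes that at both sites: `if (n != 1) {`. This string appears to arrive from an operator command, so rejecting malformed input here is worth the stricter test. The body of the second check and the declarations of `n` and `alg` are outside the hunk.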
isc_task_send(zone->task, &e);
failure:
- if (e != NULL)
+ if (e != NULL) {
isc_event_free(&e);
+ }
UNLOCK_ZONE(zone);
return (result);
}
dns_diff_init(zone->mctx, &diff);
ZONEDB_LOCK(&zone->dblock, isc_rwlocktype_read);
- if (zone->db != NULL)
+ if (zone->db != NULL) {
dns_db_attach(zone->db, &db);
+ }
ZONEDB_UNLOCK(&zone->dblock, isc_rwlocktype_read);
- if (db == NULL)
+ if (db == NULL) {
goto failure;
+ }
dns_db_currentversion(db, &oldver);
result = dns_db_newversion(db, &newver);
if (result == ISC_R_SUCCESS) {
for (result = dns_rdataset_first(&prdataset);
result == ISC_R_SUCCESS;
- result = dns_rdataset_next(&prdataset)) {
+ result = dns_rdataset_next(&prdataset))
+ {
dns_rdata_init(&rdata);
dns_rdataset_current(&prdataset, &rdata);
if (np->length == rdata.length &&
- memcmp(rdata.data, np->data, np->length) == 0) {
+ memcmp(rdata.data, np->data, np->length) == 0)
+ {
exists = true;
break;
}
if (result == ISC_R_SUCCESS) {
for (result = dns_rdataset_first(&nrdataset);
result == ISC_R_SUCCESS;
- result = dns_rdataset_next(&nrdataset)) {
+ result = dns_rdataset_next(&nrdataset))
+ {
dns_rdata_init(&rdata);
dns_rdataset_current(&nrdataset, &rdata);
* parameters are supposed to replace the current ones or if we are
* switching to NSEC.
*/
- if (!exists && np->replace && (np->length != 0 || np->nsec))
+ if (!exists && np->replace && (np->length != 0 || np->nsec)) {
CHECK(dns_nsec3param_deletechains(db, newver, zone,
!np->nsec, &diff));
+ }
if (!exists && np->length != 0) {
/*
np->data[2] |= DNS_NSEC3FLAG_CREATE;
result = dns_nsec_nseconly(db, newver, &nseconly);
- if (result == ISC_R_NOTFOUND || nseconly)
+ if (result == ISC_R_NOTFOUND || nseconly) {
np->data[2] |= DNS_NSEC3FLAG_INITIAL;
+ }
rdata.length = np->length;
rdata.data = np->data;
result = dns_update_signatures(&log, zone, db,
oldver, newver, &diff,
zone->sigvalidityinterval);
- if (result != ISC_R_NOTFOUND)
+ if (result != ISC_R_NOTFOUND) {
CHECK(result);
+ }
CHECK(zone_journal(zone, &diff, NULL, "setnsec3param"));
commit = true;
}
failure:
- if (dns_rdataset_isassociated(&prdataset))
+ if (dns_rdataset_isassociated(&prdataset)) {
dns_rdataset_disassociate(&prdataset);
- if (dns_rdataset_isassociated(&nrdataset))
+ }
+ if (dns_rdataset_isassociated(&nrdataset)) {
dns_rdataset_disassociate(&nrdataset);
- if (node != NULL)
+ }
+ if (node != NULL) {
dns_db_detachnode(db, &node);
- if (oldver != NULL)
+ }
+ if (oldver != NULL) {
dns_db_closeversion(db, &oldver, false);
- if (newver != NULL)
+ }
+ if (newver != NULL) {
dns_db_closeversion(db, &newver, commit);
- if (db != NULL)
+ }
+ if (db != NULL) {
dns_db_detach(&db);
+ }
if (commit) {
LOCK_ZONE(zone);
resume_addnsec3chain(zone);
ZONEDB_UNLOCK(&zone->dblock, isc_rwlocktype_read);
failure:
- if (e != NULL)
+ if (e != NULL) {
isc_event_free(&e);
+ }
UNLOCK_ZONE(zone);
return (result);
}