dir = dns_zone_getkeydirectory(zone);
CHECK(dns_zone_getdb(zone, &db));
dns_db_currentversion(db, &version);
- LOCK(&kasp->lock);
result = dns_zone_getdnsseckeys(zone, db, version, now, &keys);
- UNLOCK(&kasp->lock);
if (result != ISC_R_SUCCESS) {
if (result != ISC_R_NOTFOUND) {
goto cleanup;
/*
* Output the DNSSEC status of the key and signing policy.
*/
- LOCK(&kasp->lock);
dns_keymgr_status(kasp, &keys, now, &output[0], sizeof(output));
- UNLOCK(&kasp->lock);
CHECK(putstr(text, output));
} else if (checkds) {
/*
isc_time_formattimestamp(&timewhen, whenbuf, sizeof(whenbuf));
isc_result_t ret;
- LOCK(&kasp->lock);
if (use_keyid) {
result = dns_keymgr_checkds_id(kasp, &keys, dir, now,
when, dspublish, keyid,
result = dns_keymgr_checkds(kasp, &keys, dir, now, when,
dspublish);
}
- UNLOCK(&kasp->lock);
switch (result) {
case ISC_R_SUCCESS:
isc_time_formattimestamp(&timewhen, whenbuf, sizeof(whenbuf));
isc_result_t ret;
- LOCK(&kasp->lock);
result = dns_keymgr_rollover(kasp, &keys, dir, now, when, keyid,
(unsigned int)algorithm);
- UNLOCK(&kasp->lock);
switch (result) {
case ISC_R_SUCCESS:
#include <isc/lang.h>
#include <isc/magic.h>
-#include <isc/mutex.h>
#include <isc/refcount.h>
#include <dns/types.h>
struct dns_kasp_key {
isc_mem_t *mctx;
- /* Locked by themselves. */
isc_refcount_t references;
-
- /* Under owner's locking control. */
ISC_LINK(struct dns_kasp_key) link;
/* Configuration */
char *name;
/* Internals. */
- isc_mutex_t lock;
- bool frozen;
-
- /* Locked by themselves. */
+ bool frozen;
isc_refcount_t references;
- /* Under owner's locking control. */
ISC_LINK(struct dns_kasp) link;
/* Configuration: signatures */
kasp->mctx = NULL;
isc_mem_attach(mctx, &kasp->mctx);
kasp->name = isc_mem_strdup(mctx, name);
- isc_mutex_init(&kasp->lock);
isc_refcount_init(&kasp->references, 1);
*kaspp = kasp;
}
INSIST(ISC_LIST_EMPTY(kasp->digests));
- isc_mutex_destroy(&kasp->lock);
isc_mem_free(kasp->mctx, kasp->name);
isc_mem_putanddetach(&kasp->mctx, kasp, sizeof(*kasp));
}
/*%
* KASP flags
*/
-#define KASP_LOCK(k) \
- if ((k) != NULL) { \
- LOCK((&((k)->lock))); \
- }
-
-#define KASP_UNLOCK(k) \
- if ((k) != NULL) { \
- UNLOCK((&((k)->lock))); \
- }
/*
* Default values.
/*%
* Find DNSSEC keys used for signing zone with dnssec-policy. Load these keys
- * into 'keys'. Requires KASP to be locked.
+ * into 'keys'.
*/
isc_result_t
dns_zone_getdnsseckeys(dns_zone_t *zone, dns_db_t *db, dns_dbversion_t *ver,
int zsk_count = 0;
bool approved;
- KASP_LOCK(kasp);
for (kkey = ISC_LIST_HEAD(dns_kasp_keys(kasp)); kkey != NULL;
kkey = ISC_LIST_NEXT(kkey, link))
{
zsk_count++;
}
}
- KASP_UNLOCK(kasp);
if (dns_rdatatype_iskeymaterial(type)) {
/*
CHECK(dns_zone_getdb(zone, &db));
dns_db_currentversion(db, &version);
- KASP_LOCK(kasp);
LOCK_ZONE(zone);
for (key = ISC_LIST_HEAD(zone->checkds_ok); key != NULL;
key = ISC_LIST_NEXT(key, link))
}
}
UNLOCK_ZONE(zone);
- KASP_UNLOCK(kasp);
/* Rekey after checkds. */
if (rekey) {
*/
fullsign = DNS_ZONEKEY_OPTION(zone, DNS_ZONEKEY_FULLSIGN);
- KASP_LOCK(kasp);
-
dns_zone_lock_keyfiles(zone);
result = dns_dnssec_findmatchingkeys(&zone->origin, dir, now, mctx,
&keys);
"zone_rekey:dns_dnssec_keymgr "
"failed: %s",
isc_result_totext(result));
- KASP_UNLOCK(kasp);
goto failure;
}
}
}
- KASP_UNLOCK(kasp);
-
if (result == ISC_R_SUCCESS) {
dns_kasp_digestlist_t digests;
bool cdsdel = false;
projects / thirdparty / bind9.git / commitdiff
