3193. [cleanup] Changed MAXZONEKEYS to DNS_MAXZONEKEYS, moved to

author Evan Hunt <each@isc.org>

Thu, 3 Nov 2011 02:54:47 +0000 (02:54 +0000)

committer Evan Hunt <each@isc.org>

Thu, 3 Nov 2011 02:54:47 +0000 (02:54 +0000)
author Evan Hunt <each@isc.org>
Thu, 3 Nov 2011 02:54:47 +0000 (02:54 +0000)
committer Evan Hunt <each@isc.org>
Thu, 3 Nov 2011 02:54:47 +0000 (02:54 +0000)
diff --git a/CHANGES b/CHANGES

index 944656d430b139e6ede5230db5c62c089e7c67d1..a7a853c41a1ecdc829db030de7a251a59f4b5b6d 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,6 @@
+3193.  [cleanup]       Changed MAXZONEKEYS to DNS_MAXZONEKEYS, moved to
+                       dnssec.h. [RT #26415]
+
  3192.  [bug]           A query structure could be used after being freed.
                         [RT #22208]
  
diff --git a/lib/dns/include/dns/dnssec.h b/lib/dns/include/dns/dnssec.h

index cfd202706affc3a3bcbc844b76b0f7702d7497e5..f30d36c4b4c260bfd270a37dc95069b1dd8fbd96 100644 (file)
--- a/lib/dns/include/dns/dnssec.h
+++ b/lib/dns/include/dns/dnssec.h
@@ -15,7 +15,7 @@
   * PERFORMANCE OF THIS SOFTWARE.
   */
  
-/* $Id: dnssec.h,v 1.46 2011/05/06 23:47:29 tbox Exp $ */
+/* $Id: dnssec.h,v 1.47 2011/11/03 02:54:47 each Exp $ */
  
  #ifndef DNS_DNSSEC_H
  #define DNS_DNSSEC_H 1
@@ -32,6 +32,9 @@
  
  ISC_LANG_BEGINDECLS
  
+/*%< Maximum number of keys supported in a zone. */
+#define DNS_MAXZONEKEYS 32
+
  /*
   * Indicates how the signer found this key: in the key repository, at the
   * zone apex, or specified by the user.
diff --git a/lib/dns/update.c b/lib/dns/update.c

index 2f7cdaa56b8e0c6e005769860b0b60e5076ddaaa..46fd90e7087cd0faf55e2c7dd99bc09ae5b5e591 100644 (file)
--- a/lib/dns/update.c
+++ b/lib/dns/update.c
@@ -14,7 +14,7 @@
   * PERFORMANCE OF THIS SOFTWARE.
   */
  
-/* $Id: update.c,v 1.5 2011/08/30 23:46:52 tbox Exp $ */
+/* $Id: update.c,v 1.6 2011/11/03 02:54:47 each Exp $ */
  
  #include <config.h>
  
@@ -713,8 +713,6 @@ delete_if(rr_predicate *predicate, dns_db_t *db, dns_dbversion_t *ver,
   * Incremental updating of NSECs and RRSIGs.
   */
  
-#define MAXZONEKEYS 32 /*%< Maximum number of zone keys supported. */
-
  /*%
   * We abuse the dns_diff_t type to represent a set of domain names
   * affected by the update.
@@ -1338,7 +1336,7 @@ dns_update_signatures(dns_update_log_t *log, dns_zone_t *zone, dns_db_t *db,
         dns_diff_t nsec_diff;
         dns_diff_t nsec_mindiff;
         isc_boolean_t flag, build_nsec, build_nsec3;
-       dst_key_t *zone_keys[MAXZONEKEYS];
+       dst_key_t *zone_keys[DNS_MAXZONEKEYS];
         unsigned int nkeys = 0;
         unsigned int i;
         isc_stdtime_t now, inception, expire;
@@ -1361,7 +1359,7 @@ dns_update_signatures(dns_update_log_t *log, dns_zone_t *zone, dns_db_t *db,
         dns_diff_init(diff->mctx, &nsec_mindiff);
  
         result = find_zone_keys(zone, db, newver, diff->mctx,
-                               MAXZONEKEYS, zone_keys, &nkeys);
+                               DNS_MAXZONEKEYS, zone_keys, &nkeys);
         if (result != ISC_R_SUCCESS) {
                 update_log(log, zone, ISC_LOG_ERROR,
                            "could not get zone keys for secure dynamic update");
diff --git a/lib/dns/zone.c b/lib/dns/zone.c

index 6b0a409209f52465ad45793940a06a563f8ec115..c570cf663493f544230a51abfacd916060d157ae 100644 (file)
--- a/lib/dns/zone.c
+++ b/lib/dns/zone.c
@@ -15,7 +15,7 @@
   * PERFORMANCE OF THIS SOFTWARE.
   */
  
-/* $Id: zone.c,v 1.644 2011/11/01 04:00:44 each Exp $ */
+/* $Id: zone.c,v 1.645 2011/11/03 02:54:47 each Exp $ */
  
  /*! \file */
  
@@ -4803,8 +4803,6 @@ was_dumping(dns_zone_t *zone) {
         return (dumping);
  }
  
-#define MAXZONEKEYS 10
-
  static isc_result_t
  find_zone_keys(dns_zone_t *zone, dns_db_t *db, dns_dbversion_t *ver,
                isc_mem_t *mctx, unsigned int maxkeys,
@@ -5185,7 +5183,7 @@ zone_resigninc(dns_zone_t *zone) {
         dns_name_t *name;
         dns_rdataset_t rdataset;
         dns_rdatatype_t covers;
-       dst_key_t *zone_keys[MAXZONEKEYS];
+       dst_key_t *zone_keys[DNS_MAXZONEKEYS];
         isc_boolean_t check_ksk, keyset_kskonly = ISC_FALSE;
         isc_result_t result;
         isc_stdtime_t now, inception, soaexpire, expire, stop;
@@ -5223,7 +5221,7 @@ zone_resigninc(dns_zone_t *zone) {
                 goto failure;
         }
  
-       result = find_zone_keys(zone, db, version, zone->mctx, MAXZONEKEYS,
+       result = find_zone_keys(zone, db, version, zone->mctx, DNS_MAXZONEKEYS,
                                 zone_keys, &nkeys);
         if (result != ISC_R_SUCCESS) {
                 dns_zone_log(zone, ISC_LOG_ERROR,
@@ -6089,7 +6087,7 @@ zone_nsec3chain(dns_zone_t *zone) {
         dns_rdataset_t rdataset;
         dns_nsec3chain_t *nsec3chain = NULL, *nextnsec3chain;
         dns_nsec3chainlist_t cleanup;
-       dst_key_t *zone_keys[MAXZONEKEYS];
+       dst_key_t *zone_keys[DNS_MAXZONEKEYS];
         isc_int32_t signatures;
         isc_boolean_t check_ksk, keyset_kskonly;
         isc_boolean_t delegation;
@@ -6141,7 +6139,7 @@ zone_nsec3chain(dns_zone_t *zone) {
         }
  
         result = find_zone_keys(zone, db, version, zone->mctx,
-                               MAXZONEKEYS, zone_keys, &nkeys);
+                               DNS_MAXZONEKEYS, zone_keys, &nkeys);
         if (result != ISC_R_SUCCESS) {
                 dns_zone_log(zone, ISC_LOG_ERROR,
                              "zone_nsec3chain:find_zone_keys -> %s\n",
@@ -6922,7 +6920,7 @@ zone_sign(dns_zone_t *zone) {
         dns_rdataset_t rdataset;
         dns_signing_t *signing, *nextsigning;
         dns_signinglist_t cleanup;
-       dst_key_t *zone_keys[MAXZONEKEYS];
+       dst_key_t *zone_keys[DNS_MAXZONEKEYS];
         isc_int32_t signatures;
         isc_boolean_t check_ksk, keyset_kskonly, is_ksk;
         isc_boolean_t commit = ISC_FALSE;
@@ -6968,7 +6966,7 @@ zone_sign(dns_zone_t *zone) {
         }
  
         result = find_zone_keys(zone, db, version, zone->mctx,
-                               MAXZONEKEYS, zone_keys, &nkeys);
+                               DNS_MAXZONEKEYS, zone_keys, &nkeys);
         if (result != ISC_R_SUCCESS) {
                 dns_zone_log(zone, ISC_LOG_ERROR,
                              "zone_sign:find_zone_keys -> %s\n",
@@ -14698,11 +14696,11 @@ sign_apex(dns_zone_t *zone, dns_db_t *db, dns_dbversion_t *ver,
         isc_result_t result;
         isc_stdtime_t now, inception, soaexpire;
         isc_boolean_t check_ksk, keyset_kskonly;
-       dst_key_t *zone_keys[MAXZONEKEYS];
+       dst_key_t *zone_keys[DNS_MAXZONEKEYS];
         unsigned int nkeys = 0, i;
         dns_difftuple_t *tuple;
  
-       result = find_zone_keys(zone, db, ver, zone->mctx, MAXZONEKEYS,
+       result = find_zone_keys(zone, db, ver, zone->mctx, DNS_MAXZONEKEYS,
                                 zone_keys, &nkeys);
         if (result != ISC_R_SUCCESS) {
                 dns_zone_log(zone, ISC_LOG_ERROR,
@@ -14989,7 +14987,8 @@ zone_rekey(dns_zone_t *zone) {
                         goto failure;
                 }
  
-               /* See if any pre-existing keys have newly become active;
+               /*
+                * See if any pre-existing keys have newly become active;
                  * also, see if any new key is for a new algorithm, as in that
                  * event, we need to sign the zone fully.  (If there's a new
                  * key, but it's for an already-existing algorithm, then
author	Evan Hunt <each@isc.org>
	Thu, 3 Nov 2011 02:54:47 +0000 (02:54 +0000)
committer	Evan Hunt <each@isc.org>
	Thu, 3 Nov 2011 02:54:47 +0000 (02:54 +0000)
CHANGES		patch \| blob \| blame \| history
lib/dns/include/dns/dnssec.h		patch \| blob \| blame \| history
lib/dns/update.c		patch \| blob \| blame \| history
lib/dns/zone.c		patch \| blob \| blame \| history