Add new dns_rdatatype_iskeymaterial() function

author Matthijs Mekking <matthijs@isc.org>

Wed, 15 Mar 2023 10:51:33 +0000 (11:51 +0100)

committer Matthijs Mekking <matthijs@isc.org>

Tue, 23 May 2023 06:53:23 +0000 (08:53 +0200)
author Matthijs Mekking <matthijs@isc.org>
Wed, 15 Mar 2023 10:51:33 +0000 (11:51 +0100)
committer Matthijs Mekking <matthijs@isc.org>
Tue, 23 May 2023 06:53:23 +0000 (08:53 +0200)
diff --git a/lib/dns/include/dns/rdata.h b/lib/dns/include/dns/rdata.h

index 1ff135e697caf4c1ab1adc2185f36461de6a40f1..36f79c8edd2887ad92d884a1b168e9e17717f919 100644 (file)
--- a/lib/dns/include/dns/rdata.h
+++ b/lib/dns/include/dns/rdata.h
@@ -565,6 +565,13 @@ dns_rdatatype_isdnssec(dns_rdatatype_t type);
   * \li 'type' is a valid rdata type.
   */
  
+bool
+dns_rdatatype_iskeymaterial(dns_rdatatype_t type);
+/*%<
+ * Return true iff the rdata type 'type' is a DNSSEC key
+ * related type, like DNSKEY, CDNSKEY, or CDS.
+ */
+
  bool
  dns_rdatatype_iszonecutauth(dns_rdatatype_t type);
  /*%<
diff --git a/lib/dns/rdata.c b/lib/dns/rdata.c

index d90ef212f449d56c135d508585b14b1f44cd3005..13218d069cb5519df04e98715eb975cae6aa14fa 100644 (file)
--- a/lib/dns/rdata.c
+++ b/lib/dns/rdata.c
@@ -2272,6 +2272,12 @@ dns_rdatatype_isdnssec(dns_rdatatype_t type) {
         return (false);
  }
  
+bool
+dns_rdatatype_iskeymaterial(dns_rdatatype_t type) {
+       return (type == dns_rdatatype_dnskey || type == dns_rdatatype_cdnskey ||
+               type == dns_rdatatype_cds);
+}
+
  bool
  dns_rdatatype_iszonecutauth(dns_rdatatype_t type) {
         if ((dns_rdatatype_attributes(type) & DNS_RDATATYPEATTR_ZONECUTAUTH) !=
diff --git a/lib/dns/update.c b/lib/dns/update.c

index c547c041a85ac2e8f18dafd74bc9a38eb18a428a..43a30a311fba52be80bf4f9368e98034d3c43242 100644 (file)
--- a/lib/dns/update.c
+++ b/lib/dns/update.c
@@ -1201,10 +1201,7 @@ add_sigs(dns_update_log_t *log, dns_zone_t *zone, dns_db_t *db,
                                 }
                         }
  
-                       if (type == dns_rdatatype_dnskey ||
-                           type == dns_rdatatype_cdnskey ||
-                           type == dns_rdatatype_cds)
-                       {
+                       if (dns_rdatatype_iskeymaterial(type)) {
                                 /*
                                  * DNSKEY RRset is signed with KSK.
                                  * CDS and CDNSKEY RRsets too (RFC 7344, 4.1).
@@ -1238,10 +1235,7 @@ add_sigs(dns_update_log_t *log, dns_zone_t *zone, dns_db_t *db,
                         /*
                          * CDS and CDNSKEY are signed with KSK (RFC 7344, 4.1).
                          */
-                       if (type == dns_rdatatype_dnskey ||
-                           type == dns_rdatatype_cdnskey ||
-                           type == dns_rdatatype_cds)
-                       {
+                       if (dns_rdatatype_iskeymaterial(type)) {
                                 if (!KSK(keys[i]) && keyset_kskonly) {
                                         continue;
                                 }
@@ -1670,10 +1664,7 @@ next_state:
                                                     &flag));
                                 if (flag) {
                                         isc_stdtime_t exp;
-                                       if (type == dns_rdatatype_dnskey ||
-                                           type == dns_rdatatype_cdnskey ||
-                                           type == dns_rdatatype_cds)
-                                       {
+                                       if (dns_rdatatype_iskeymaterial(type)) {
                                                 exp = state->keyexpire;
                                         } else if (type == dns_rdatatype_soa) {
                                                 exp = state->soaexpire;
diff --git a/lib/dns/zone.c b/lib/dns/zone.c

index 40682992fa93ea8e72cd378f3b3bad3aa2b3381f..8ea68a65492e66b2128a4593855f4a628907cc4d 100644 (file)
--- a/lib/dns/zone.c
+++ b/lib/dns/zone.c
@@ -6384,9 +6384,7 @@ del_sigs(dns_zone_t *zone, dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name,
                 result = dns_rdata_tostruct(&rdata, &rrsig, NULL);
                 RUNTIME_CHECK(result == ISC_R_SUCCESS);
  
-               if (type != dns_rdatatype_dnskey && type != dns_rdatatype_cds &&
-                   type != dns_rdatatype_cdnskey)
-               {
+               if (!dns_rdatatype_iskeymaterial(type)) {
                         bool warn = false, deleted = false;
                         if (delsig_ok(&rrsig, keys, nkeys, kasp, &warn)) {
                                 result = update_one_rr(db, ver, zonediff->diff,
@@ -6703,10 +6701,7 @@ add_sigs(dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name, dns_zone_t *zone,
                                 both = have_ksk && have_zsk;
                         }
  
-                       if (type == dns_rdatatype_dnskey ||
-                           type == dns_rdatatype_cdnskey ||
-                           type == dns_rdatatype_cds)
-                       {
+                       if (dns_rdatatype_iskeymaterial(type)) {
                                 /*
                                  * DNSKEY RRset is signed with KSK.
                                  * CDS and CDNSKEY RRsets too (RFC 7344, 4.1).
@@ -6746,10 +6741,7 @@ add_sigs(dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name, dns_zone_t *zone,
                         /*
                          * CDS and CDNSKEY are signed with KSK (RFC 7344, 4.1).
                          */
-                       if (type == dns_rdatatype_dnskey ||
-                           type == dns_rdatatype_cdnskey ||
-                           type == dns_rdatatype_cds)
-                       {
+                       if (dns_rdatatype_iskeymaterial(type)) {
                                 if (!KSK(keys[i]) && keyset_kskonly) {
                                         continue;
                                 }
@@ -7150,9 +7142,7 @@ signed_with_good_key(dns_zone_t *zone, dns_db_t *db, dns_dbnode_t *node,
                 }
                 KASP_UNLOCK(kasp);
  
-               if (type == dns_rdatatype_dnskey ||
-                   type == dns_rdatatype_cdnskey || type == dns_rdatatype_cds)
-               {
+               if (dns_rdatatype_iskeymaterial(type)) {
                         /*
                          * CDS and CDNSKEY are signed with KSK like DNSKEY.
                          * (RFC 7344, section 4.1 specifies that they must
@@ -7327,10 +7317,7 @@ sign_a_node(dns_db_t *db, dns_zone_t *zone, dns_name_t *name,
                 {
                         goto next_rdataset;
                 }
-               if (rdataset.type == dns_rdatatype_dnskey ||
-                   rdataset.type == dns_rdatatype_cdnskey ||
-                   rdataset.type == dns_rdatatype_cds)
-               {
+               if (dns_rdatatype_iskeymaterial(rdataset.type)) {
                         /*
                          * CDS and CDNSKEY are signed with KSK like DNSKEY.
                          * (RFC 7344, section 4.1 specifies that they must
@@ -7944,9 +7931,7 @@ dns__zone_updatesigs(dns_diff_t *diff, dns_db_t *db, dns_dbversion_t *version,
                 isc_stdtime_t exp = expire;
  
                 if (keyexpire != 0 &&
-                   (tuple->rdata.type == dns_rdatatype_dnskey ||
-                    tuple->rdata.type == dns_rdatatype_cdnskey ||
-                    tuple->rdata.type == dns_rdatatype_cds))
+                   dns_rdatatype_iskeymaterial(tuple->rdata.type))
                 {
                         exp = keyexpire;
                 }
@@ -16109,10 +16094,7 @@ sync_secure_journal(dns_zone_t *zone, dns_zone_t *raw, dns_journal_t *journal,
                  * update the zone with these records from a different provider,
                  * but skip records that are under our control.
                  */
-               if (rdata->type == dns_rdatatype_dnskey ||
-                   rdata->type == dns_rdatatype_cdnskey ||
-                   rdata->type == dns_rdatatype_cds)
-               {
+               if (dns_rdatatype_iskeymaterial(rdata->type)) {
                         bool inuse = false;
                         isc_result_t r = dns_zone_dnskey_inuse(zone, rdata,
                                                                &inuse);
@@ -16183,10 +16165,7 @@ sync_secure_db(dns_zone_t *seczone, dns_zone_t *raw, dns_db_t *secdb,
                  * update the zone with these records from a different provider,
                  * but skip records that are under our control.
                  */
-               if (tuple->rdata.type == dns_rdatatype_dnskey ||
-                   tuple->rdata.type == dns_rdatatype_cdnskey ||
-                   tuple->rdata.type == dns_rdatatype_cds)
-               {
+               if (dns_rdatatype_iskeymaterial(tuple->rdata.type)) {
                         bool inuse = false;
                         isc_result_t r = dns_zone_dnskey_inuse(
                                 seczone, &tuple->rdata, &inuse);
diff --git a/lib/ns/query.c b/lib/ns/query.c

index 5d223e54832aa49a76e60373f8c9cd5e56692ac7..99fee3e775bb516e739c779326260f73caafc0e1 100644 (file)
--- a/lib/ns/query.c
+++ b/lib/ns/query.c
@@ -11989,9 +11989,7 @@ ns_query_start(ns_client_t *client, isc_nmhandle_t *handle) {
         /*
          * Turn on minimal response for (C)DNSKEY and (C)DS queries.
          */
-       if (qtype == dns_rdatatype_dnskey || qtype == dns_rdatatype_ds ||
-           qtype == dns_rdatatype_cdnskey || qtype == dns_rdatatype_cds)
-       {
+       if (dns_rdatatype_iskeymaterial(qtype) || qtype == dns_rdatatype_ds) {
                 client->query.attributes |= (NS_QUERYATTR_NOAUTHORITY |
                                              NS_QUERYATTR_NOADDITIONAL);
         } else if (qtype == dns_rdatatype_ns) {
diff --git a/lib/ns/update.c b/lib/ns/update.c

index efffd4054dcb3d87366468af46e9522d7c80a477..31032633666df111584f6666e7db7e680ad9be39 100644 (file)
--- a/lib/ns/update.c
+++ b/lib/ns/update.c
@@ -3386,10 +3386,7 @@ update_action(void *arg) {
                                  * Don't remove DNSKEY, CDNSKEY, CDS records
                                  * that are in use (under our control).
                                  */
-                               if (rdata.type == dns_rdatatype_dnskey ||
-                                   rdata.type == dns_rdatatype_cdnskey ||
-                                   rdata.type == dns_rdatatype_cds)
-                               {
+                               if (dns_rdatatype_iskeymaterial(rdata.type)) {
                                         isc_result_t r;
                                         bool inuse = false;
                                         r = dns_zone_dnskey_inuse(zone, &rdata,
author	Matthijs Mekking <matthijs@isc.org>
	Wed, 15 Mar 2023 10:51:33 +0000 (11:51 +0100)
committer	Matthijs Mekking <matthijs@isc.org>
	Tue, 23 May 2023 06:53:23 +0000 (08:53 +0200)
lib/dns/include/dns/rdata.h		patch \| blob \| blame \| history
lib/dns/rdata.c		patch \| blob \| blame \| history
lib/dns/update.c		patch \| blob \| blame \| history
lib/dns/zone.c		patch \| blob \| blame \| history
lib/ns/query.c		patch \| blob \| blame \| history
lib/ns/update.c		patch \| blob \| blame \| history