#include <dns/journal.h>
#include <dns/kasp.h>
#include <dns/keymgr.h>
+#include <dns/keystore.h>
#include <dns/keytable.h>
#include <dns/keyvalues.h>
#include <dns/master.h>
const cfg_obj_t *options;
const cfg_obj_t *usev4ports, *avoidv4ports, *usev6ports, *avoidv6ports;
const cfg_obj_t *kasps;
+ const cfg_obj_t *keystores;
dns_kasp_t *kasp = NULL;
dns_kasp_t *kasp_next = NULL;
dns_kasp_t *default_kasp = NULL;
dns_kasplist_t tmpkasplist, kasplist;
+ dns_keystore_t *keystore = NULL;
+ dns_keystore_t *keystore_next = NULL;
+ dns_keystorelist_t tmpkeystorelist, keystorelist;
const cfg_obj_t *views;
dns_view_t *view_next = NULL;
REQUIRE(isc_loop_current(named_g_loopmgr) == named_g_mainloop);
ISC_LIST_INIT(kasplist);
+ ISC_LIST_INIT(keystorelist);
ISC_LIST_INIT(viewlist);
ISC_LIST_INIT(builtin_viewlist);
ISC_LIST_INIT(cachelist);
*/
(void)configure_session_key(maps, server, named_g_mctx, first_time);
+ /*
+ * Create the DNSSEC key stores.
+ */
+ keystores = NULL;
+ (void)cfg_map_get(config, "key-store", &keystores);
+ for (element = cfg_list_first(keystores); element != NULL;
+ element = cfg_list_next(element))
+ {
+ cfg_obj_t *kconfig = cfg_listelt_value(element);
+ keystore = NULL;
+ result = cfg_keystore_fromconfig(kconfig, named_g_mctx,
+ named_g_lctx, &keystorelist,
+ &keystore));
+ if (result != ISC_R_SUCCESS) {
+ goto cleanup_keystorelist;
+ }
+ INSIST(keystore != NULL);
+ dns_keystore_detach(&keystore);
+ }
+ tmpkeystorelist = server->keystorelist;
+ server->keystorelist = keystorelist;
+ keystorelist = tmpkeystorelist;
+
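Review bot: The call that ends in `&keystore));` closes one parenthesis too many — `cfg_keystore_fromconfig(` opens a single paren, so as rendered here the statement does not compile and the line should read `&keystore);`. Once that is fixed the loop is consistent with the existing kasp loop: the reference is dropped only after `INSIST(keystore != NULL)`, and on failure control goes to `cleanup_keystorelist` with the partially built local list, which is the right list to free because the exchange with `server->keystorelist` happens only after the loop completes. The enclosing function starts and ends outside this hunk.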
/*
* Create the built-in kasp policies ("default", "insecure").
*/
dns_kasp_detach(&kasp);
}
+cleanup_keystorelist:
+ for (keystore = ISC_LIST_HEAD(keystorelist); keystore != NULL;
+ keystore = keystore_next)
+ {
+ keystore_next = ISC_LIST_NEXT(keystore, link);
+ ISC_LIST_UNLINK(keystorelist, keystore, link);
+ dns_keystore_detach(&keystore);
+ }
+
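Review bot: The unlink-and-detach loop under `cleanup_keystorelist` is repeated verbatim in the shutdown path a few hunks below (the loop over `server->keystorelist` following the kasp detach), so the two copies will drift if the keystore link handling ever changes. A small static helper that takes the list by pointer removes the duplication; the label then becomes `free_keystorelist(&keystorelist);` and the shutdown loop `free_keystorelist(&server->keystorelist);`. The helper needs no extra includes beyond the `<dns/keystore.h>` this commit already adds.
```c
/* Unlink every key store on 'list' and drop this list's reference to it. */
static void
free_keystorelist(dns_keystorelist_t *list) {
	dns_keystore_t *keystore = NULL, *keystore_next = NULL;

	for (keystore = ISC_LIST_HEAD(*list); keystore != NULL;
	     keystore = keystore_next)
	{
		keystore_next = ISC_LIST_NEXT(keystore, link);
		ISC_LIST_UNLINK(*list, keystore, link);
		dns_keystore_detach(&keystore);
	}
}
```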
cleanup_v6portset:
isc_portset_destroy(named_g_mctx, &v6portset);
named_server_t *server = (named_server_t *)arg;
dns_view_t *view = NULL, *view_next = NULL;
dns_kasp_t *kasp = NULL, *kasp_next = NULL;
+ dns_keystore_t *keystore = NULL, *keystore_next = NULL;
bool flush = server->flushonshutdown;
named_cache_t *nsc = NULL;
dns_kasp_detach(&kasp);
}
+ for (keystore = ISC_LIST_HEAD(server->keystorelist); keystore != NULL;
+ keystore = keystore_next)
+ {
+ keystore_next = ISC_LIST_NEXT(keystore, link);
+ ISC_LIST_UNLINK(server->keystorelist, keystore, link);
+ dns_keystore_detach(&keystore);
+ }
+
for (view = ISC_LIST_HEAD(server->viewlist); view != NULL;
view = view_next)
{
/* Initialize server data structures. */
ISC_LIST_INIT(server->kasplist);
+ ISC_LIST_INIT(server->keystorelist);
ISC_LIST_INIT(server->viewlist);
/* Must be first. */
dst_lib_destroy();
INSIST(ISC_LIST_EMPTY(server->kasplist));
+ INSIST(ISC_LIST_EMPTY(server->keystorelist));
INSIST(ISC_LIST_EMPTY(server->viewlist));
INSIST(ISC_LIST_EMPTY(server->cachelist));
isc_result_t
dns_kasp_key_create(dns_kasp_t *kasp, dns_kasp_key_t **keyp) {
- dns_kasp_key_t *key;
+ dns_kasp_key_t *key = NULL;
+ dns_kasp_key_t k = { .length = -1 };
REQUIRE(DNS_KASP_VALID(kasp));
REQUIRE(keyp != NULL && *keyp == NULL);
key = isc_mem_get(kasp->mctx, sizeof(*key));
+ *key = k;
+
key->mctx = NULL;
isc_mem_attach(kasp->mctx, &key->mctx);
ISC_LINK_INIT(key, link);
- key->lifetime = 0;
- key->algorithm = 0;
- key->length = -1;
- key->role = 0;
*keyp = key;
return (ISC_R_SUCCESS);
}
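Review bot: With `*key = k;` copying a designated-initialized struct, every field the old code set to zero (and the new `keystore` member) is already zeroed, so the surviving `key->mctx = NULL;` line is now redundant and the temporary `k` is only there to carry one default. A compound literal says the same thing in one line and makes the zeroing explicit to the next reader: `*key = (dns_kasp_key_t){ .length = -1 }; /* zero-fill; keystore stays NULL until set */`, after which `key->mctx = NULL;` can be dropped and `isc_mem_attach` keeps working since `mctx` is still NULL. Behaviour is unchanged either way; this is purely about how the initialization reads.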
dns_kasp_key_destroy(dns_kasp_key_t *key) {
REQUIRE(key != NULL);
+ if (key->keystore != NULL) {
+ isc_mem_free(key->mctx, key->keystore);
+ key->keystore = NULL;
+ }
isc_mem_putanddetach(&key->mctx, key, sizeof(*key));
}
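Review bot: The new `isc_mem_free(key->mctx, key->keystore)` encodes an ownership rule that is not documented anywhere in this diff: `keystore` must be a string allocated from `key->mctx` with an `isc_mem_allocate`/`isc_mem_strdup`-style call, and the code that sets it is not in this chunk, so that assumption should be stated where a future setter will see it. Suggested field comment on the struct in the header: `/* Name of the key store; owned copy allocated from 'mctx', NULL when unset. */`, and on the free here `/* 'keystore' is an owned copy from key->mctx (see dns_kasp_key_t). */`. Resetting the pointer to NULL just before the struct itself is released is harmless but does nothing; it can stay or go. The function's return-type line sits just above this hunk.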