From daaa70f48b3217bdb97113ee8b2ef386ba34687b Mon Sep 17 00:00:00 2001
From: Matthijs Mekking
Date: Fri, 17 Nov 2023 17:09:00 +0100
Subject: [PATCH] Refactor dns_keystore_directory()

Add a default key-directory parameter to the function that can be returned if there is no keystore, or if the keystore directory is NULL (the latter is also true for the built-in keystore).
---
 bin/dnssec/dnssec-keygen.c | 2 +-
 lib/dns/dnssec.c | 21 +++------------------
 lib/dns/include/dns/keystore.h | 9 +++------
 lib/dns/keymgr.c | 16 ++++------------
 lib/dns/keystore.c | 12 ++++++++++--
 lib/dns/zone.c | 9 ++-------
 lib/isccfg/check.c | 18 ++++++++++--------
 7 files changed, 33 insertions(+), 54 deletions(-)

diff --git a/bin/dnssec/dnssec-keygen.c b/bin/dnssec/dnssec-keygen.c
index d770e41c94..b9e5fdb62b 100644
--- a/bin/dnssec/dnssec-keygen.c
+++ b/bin/dnssec/dnssec-keygen.c
@@ -913,7 +913,7 @@ keygen(keygen_ctx_t *ctx, isc_mem_t *mctx, int argc, char **argv) {
 static void
 check_keystore_options(keygen_ctx_t *ctx) {
- ctx->directory = dns_keystore_directory(ctx->keystore);
+ ctx->directory = dns_keystore_directory(ctx->keystore, NULL);
 if (ctx->directory != NULL) {
 isc_result_t ret = try_dir(ctx->directory);
 if (ret != ISC_R_SUCCESS) {
diff --git a/lib/dns/dnssec.c b/lib/dns/dnssec.c
index c1b1beedfa..eaf7ef6f11 100644
--- a/lib/dns/dnssec.c
+++ b/lib/dns/dnssec.c
@@ -1376,15 +1376,8 @@ dns_dnssec_findmatchingkeys(const dns_name_t *origin, dns_kasp_t *kasp,
 {
 if (dns_kasp_key_keystore(kkey) == keystore) {
 const char *directory =
- dns_keystore_directory(
- keystore);
- if (directory == NULL ||
- (strcmp(dns_keystore_name(keystore),
- DNS_KEYSTORE_KEYDIRECTORY) ==
- 0))
- {
- directory = keydir;
- }
+ dns_keystore_directory(keystore,
+ keydir);
 RETERR(findmatchingkeys(
 directory, namebuf, len, mctx, now, &list));
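Review bot: The `dns_dnssec_findmatchingkeys()` hunk in lib/dns/dnssec.c no longer compares the keystore name with `DNS_KEYSTORE_KEYDIRECTORY`, so `keydir` is used only when the keystore's directory is NULL, and nothing visible in this patch enforces that the built-in keystore has none. The commit message states that invariant, but if it ever stops holding, key files would be searched for in the keystore's directory rather than the zone's key-directory. The `keyfromfile()` hunks in lib/dns/dnssec.c and lib/dns/zone.c and the second `keymgr_createkey()` hunk in lib/dns/keymgr.c rely on the same assumption. I would record it at the first call site with a comment such as `/* The built-in "key-directory" keystore has a NULL directory, so keydir is returned for it. */`. The enclosing function begins and ends outside the hunk.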
@@ -1532,15 +1525,7 @@ keyfromfile(dns_kasp_t *kasp, const char *keydir, dst_key_t *key, int type,
 kkey != NULL; kkey = ISC_LIST_NEXT(kkey, link))
 {
 dns_keystore_t *ks = dns_kasp_key_keystore(kkey);
- if (ks == NULL ||
- strcmp(dns_keystore_name(ks),
- DNS_KEYSTORE_KEYDIRECTORY) == 0)
- {
- directory = keydir;
- } else {
- directory = dns_keystore_directory(ks);
- }
-
+ directory = dns_keystore_directory(ks, keydir);
 result = dst_key_fromfile(dst_key_name(key), dst_key_id(key), dst_key_alg(key), type,
diff --git a/lib/dns/include/dns/keystore.h b/lib/dns/include/dns/keystore.h
index 6db1e9cbbb..8cf573cb31 100644
--- a/lib/dns/include/dns/keystore.h
+++ b/lib/dns/include/dns/keystore.h
@@ -146,13 +146,10 @@ dns_keystore_engine(dns_keystore_t *keystore);
 */
 const char *
-dns_keystore_directory(dns_keystore_t *keystore);
+dns_keystore_directory(dns_keystore_t *keystore, const char *keydir);
 /*%<
- * Get keystore directory.
- *
- * Requires:
- *
- *\li 'keystore' is a valid keystore.
+ * Get keystore directory. If 'keystore' is NULL or 'keystore->directory' is
+ *NULL, return 'keydir'.
 *
 * Returns:
 *
diff --git a/lib/dns/keymgr.c b/lib/dns/keymgr.c
index 05b26261c9..cc59e42c0b 100644
--- a/lib/dns/keymgr.c
+++ b/lib/dns/keymgr.c
@@ -453,6 +453,7 @@ keymgr_createkey(dns_kasp_key_t *kkey, const dns_name_t *origin,
 dst_key_t *newkey = NULL;
 uint32_t alg = dns_kasp_key_algorithm(kkey);
 dns_keystore_t *keystore = dns_kasp_key_keystore(kkey);
+ const char *dir = NULL;
 int size = dns_kasp_key_size(kkey);
 if (dns_kasp_key_ksk(kkey)) {
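Review bot: The updated comment for `dns_keystore_directory()` in lib/dns/include/dns/keystore.h drops the `Requires:` section without replacing it, so the contract no longer says that a non-NULL 'keystore' must still be valid, nor that the result is NULL when both the keystore directory and 'keydir' are NULL (the dnssec-keygen caller passes NULL for 'keydir'). I would keep the section as ` * Requires:` followed by ` *\li 'keystore' is NULL or a valid keystore.`, and note the possible NULL result under `Returns:`. The continuation line ` *NULL, return 'keydir'.` is also missing the space after the asterisk. The `Returns:` text itself lies outside the hunk.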
@@ -490,19 +491,10 @@ keymgr_createkey(dns_kasp_key_t *kkey, const dns_name_t *origin,
 dst_key_setbool(newkey, DST_BOOL_KSK, dns_kasp_key_ksk(kkey));
 dst_key_setbool(newkey, DST_BOOL_ZSK, dns_kasp_key_zsk(kkey));
- if (keystore == NULL ||
- strcmp(dns_keystore_name(keystore), "key-directory") == 0)
- {
- if (keydir != NULL) {
- dst_key_setdirectory(newkey, keydir);
- }
- } else {
- if (dns_keystore_directory(keystore) != NULL) {
- dst_key_setdirectory(newkey,
- dns_keystore_directory(keystore));
- }
+ dir = dns_keystore_directory(keystore, keydir);
+ if (dir != NULL) {
+ dst_key_setdirectory(newkey, dir);
 }
-
 *dst_key = newkey;
 return (ISC_R_SUCCESS);
diff --git a/lib/dns/keystore.c b/lib/dns/keystore.c
index 8ca22873d8..128bededc0 100644
--- a/lib/dns/keystore.c
+++ b/lib/dns/keystore.c
@@ -108,8 +108,16 @@ dns_keystore_engine(dns_keystore_t *keystore) {
 }
 const char *
-dns_keystore_directory(dns_keystore_t *keystore) {
- REQUIRE(DNS_KEYSTORE_VALID(keystore));
+dns_keystore_directory(dns_keystore_t *keystore, const char *keydir) {
+ if (keystore == NULL) {
+ return (keydir);
+ }
+
+ INSIST(DNS_KEYSTORE_VALID(keystore));
+
+ if (keystore->directory == NULL) {
+ return (keydir);
+ }
 return (keystore->directory);
 }
diff --git a/lib/dns/zone.c b/lib/dns/zone.c
index 2b7bab8316..f0360e4d44 100644
--- a/lib/dns/zone.c
+++ b/lib/dns/zone.c
@@ -6085,13 +6085,8 @@ keyfromfile(dns_zone_t *zone, dst_key_t *pubkey, isc_mem_t *mctx,
 kkey != NULL; kkey = ISC_LIST_NEXT(kkey, link))
 {
 dns_keystore_t *ks = dns_kasp_key_keystore(kkey);
- if (ks == NULL ||
- strcmp(dns_keystore_name(ks), "key-directory") == 0)
- {
- directory = zone->keydirectory;
- } else {
- directory = dns_keystore_directory(ks);
- }
+ directory = dns_keystore_directory(ks,
+ zone->keydirectory);
 result = dst_key_fromfile(
 dst_key_name(pubkey), dst_key_id(pubkey),
diff --git a/lib/isccfg/check.c b/lib/isccfg/check.c
index c00c588845..ad4ae8441d 100644
--- a/lib/isccfg/check.c
+++ b/lib/isccfg/check.c
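Review bot: In lib/dns/keystore.c the validity check on the caller-supplied 'keystore' moved from `REQUIRE` to `INSIST`, which reads as an internal invariant rather than a precondition on the argument. `REQUIRE(keystore == NULL || DNS_KEYSTORE_VALID(keystore));` as the first statement keeps the check a documented precondition, and the two fallback branches can then be merged into `if (keystore == NULL || keystore->directory == NULL) { return (keydir); }`. Behaviour stays the same; the function is fully visible in the hunk.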
@@ -3009,14 +3009,16 @@ check_keydir(const cfg_obj_t *config, const cfg_obj_t *zconfig,
 kkey != NULL; kkey = ISC_LIST_NEXT(kkey, link))
 {
 dns_keystore_t *kks = dns_kasp_key_keystore(kkey);
- if (kks == NULL || strcmp(DNS_KEYSTORE_KEYDIRECTORY,
- dns_keystore_name(kks)) == 0)
- {
- dir = keydir;
- keystore = false;
- } else {
- dir = dns_keystore_directory(kks);
- keystore = true;
+ dir = dns_keystore_directory(kks, keydir);
+ keystore = (kks != NULL && strcmp(DNS_KEYSTORE_KEYDIRECTORY,
+ dns_keystore_name(kks)) != 0);
+
+ ret = keydirexist(zconfig,
+ keystore ? "key-store directory"
+ : "key-directory",
+ zname, dir, name, keydirs, logctx, mctx);
+ if (ret != ISC_R_SUCCESS) {
+ result = ret;
 }
 }
 dns_kasp_thaw(kasp);
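Review bot: In the `check_keydir()` hunk of lib/isccfg/check.c, `dir` and `keystore` are now derived from different conditions: `dir` falls back to `keydir` whenever the keystore's directory is NULL, while `keystore` is still decided by the keystore name. For a named key-store with no directory configured, the added `keydirexist()` call is therefore handed the zone's key-directory labelled as "key-store directory", and if `keydir` is NULL as well it receives a NULL `dir`; whether `keydirexist()` copes with that is not visible here. Consider keeping the label in step with the source of the path, for example `keystore = (kks != NULL && dns_keystore_directory(kks, NULL) != NULL);`, and skipping the check when `dir` is NULL. The `keydirexist()` call also looks new in this loop, which the commit message, describing a refactor, does not mention. The function starts and ends outside the hunk.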