upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-05-28 04:34:54 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

apply_configuation: add configure_keystores

Browse source 
The keystores list build logic was inlined in apply_configuration, this
commit extracts it into its own function.
This commit is contained in:
Colin Vidal 2025-09-08 10:46:11 +02:00
parent c97be6a7f5
commit de11150e47
1 changed files with 36 additions and 20 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

56
bin/named/server.c
View file

@ -8002,6 +8002,37 @@ configure_views(cfg_obj_t *config, const cfg_obj_t *bindkeys,
return result;
}
static isc_result_t
configure_keystores(const cfg_obj_t *config, dns_keystorelist_t *keystorelist) {
isc_result_t result = ISC_R_SUCCESS;
const cfg_obj_t *keystores = NULL;
/*
* Create the built-in key store ("key-directory").
*/
result = cfg_keystore_fromconfig(NULL, isc_g_mctx, keystorelist, NULL);
if (result != ISC_R_SUCCESS) {
return result;
}
/*
* Create the DNSSEC key stores.
*/
keystores = NULL;
(void)cfg_map_get(config, "key-store", &keystores);
CFG_LIST_FOREACH(keystores, element) {
cfg_obj_t *kconfig = cfg_listelt_value(element);
result = cfg_keystore_fromconfig(kconfig, isc_g_mctx,
keystorelist, NULL);
if (result != ISC_R_SUCCESS) {
return result;
}
}
return result;
}
static isc_result_t
configure_kasplist(const cfg_obj_t *config, dns_kasplist_t *kasplist,
dns_keystorelist_t *keystorelist) {
@ -8068,7 +8099,6 @@ apply_configuration(cfg_parser_t *configparser, cfg_obj_t *config,
const cfg_obj_t *maps[3];
const cfg_obj_t *obj = NULL;
const cfg_obj_t *options = NULL;
const cfg_obj_t *keystores = NULL;
dns_kasplist_t tmpkasplist, kasplist;
dns_keystorelist_t tmpkeystorelist, keystorelist;
dns_viewlist_t viewlist;
@ -8742,29 +8772,11 @@ apply_configuration(cfg_parser_t *configparser, cfg_obj_t *config,
*/
(void)configure_session_key(maps, server, isc_g_mctx, first_time);
/*
* Create the built-in key store ("key-directory").
*/
result = cfg_keystore_fromconfig(NULL, isc_g_mctx, &keystorelist, NULL);
result = configure_keystores(config, &keystorelist);
if (result != ISC_R_SUCCESS) {
goto cleanup_keystorelist;
}
/*
* Create the DNSSEC key stores.
*/
keystores = NULL;
(void)cfg_map_get(config, "key-store", &keystores);
CFG_LIST_FOREACH(keystores, element) {
cfg_obj_t *kconfig = cfg_listelt_value(element);
result = cfg_keystore_fromconfig(kconfig, isc_g_mctx,
&keystorelist, NULL);
if (result != ISC_R_SUCCESS) {
goto cleanup_keystorelist;
}
}
result = configure_kasplist(config, &kasplist, &keystorelist);
if (result != ISC_R_SUCCESS) {
goto cleanup_kasplist;
@ -9150,6 +9162,10 @@ apply_configuration(cfg_parser_t *configparser, cfg_obj_t *config,
/*
* Swap the new keystores list with the old one (so the new one will be
* used and old one will be cleared).
*
* If this is the initial server setup, store the address
* `&server->keystorelist` in the zone manager, so the zones can reach
* the list during runtime whenever needed.
*/
tmpkeystorelist = server->keystorelist;
server->keystorelist = keystorelist;