mirror of
https://github.com/isc-projects/bind9.git
synced 2026-06-09 07:32:09 -04:00
Add new dns_rdatatype_iskeymaterial() function
The following code block repeats quite often:
if (rdata.type == dns_rdatatype_dnskey ||
rdata.type == dns_rdatatype_cdnskey ||
rdata.type == dns_rdatatype_cds)
Introduce a new function to reduce the repetition.
This commit is contained in:
Matthijs Mekking
parent
81cb18b8a2
commit
ef58f2444f
6 changed files with 26 additions and 48 deletions
|
|
@ -565,6 +565,13 @@ dns_rdatatype_isdnssec(dns_rdatatype_t type);
|
|||
* \li 'type' is a valid rdata type.
|
||||
*/
|
||||
|
||||
bool
|
||||
dns_rdatatype_iskeymaterial(dns_rdatatype_t type);
|
||||
/*%<
|
||||
* Return true iff the rdata type 'type' is a DNSSEC key
|
||||
* related type, like DNSKEY, CDNSKEY, or CDS.
|
||||
*/
|
||||
|
||||
bool
|
||||
dns_rdatatype_iszonecutauth(dns_rdatatype_t type);
|
||||
/*%<
|
||||
|
|
|
|||
|
|
@ -2272,6 +2272,12 @@ dns_rdatatype_isdnssec(dns_rdatatype_t type) {
|
|||
return (false);
|
||||
}
|
||||
|
||||
bool
|
||||
dns_rdatatype_iskeymaterial(dns_rdatatype_t type) {
|
||||
return (type == dns_rdatatype_dnskey || type == dns_rdatatype_cdnskey ||
|
||||
type == dns_rdatatype_cds);
|
||||
}
|
||||
|
||||
bool
|
||||
dns_rdatatype_iszonecutauth(dns_rdatatype_t type) {
|
||||
if ((dns_rdatatype_attributes(type) & DNS_RDATATYPEATTR_ZONECUTAUTH) !=
|
||||
|
|
|
|||
|
|
@ -1201,10 +1201,7 @@ add_sigs(dns_update_log_t *log, dns_zone_t *zone, dns_db_t *db,
|
|||
}
|
||||
}
|
||||
|
||||
if (type == dns_rdatatype_dnskey ||
|
||||
type == dns_rdatatype_cdnskey ||
|
||||
type == dns_rdatatype_cds)
|
||||
{
|
||||
if (dns_rdatatype_iskeymaterial(type)) {
|
||||
/*
|
||||
* DNSKEY RRset is signed with KSK.
|
||||
* CDS and CDNSKEY RRsets too (RFC 7344, 4.1).
|
||||
|
|
@ -1238,10 +1235,7 @@ add_sigs(dns_update_log_t *log, dns_zone_t *zone, dns_db_t *db,
|
|||
/*
|
||||
* CDS and CDNSKEY are signed with KSK (RFC 7344, 4.1).
|
||||
*/
|
||||
if (type == dns_rdatatype_dnskey ||
|
||||
type == dns_rdatatype_cdnskey ||
|
||||
type == dns_rdatatype_cds)
|
||||
{
|
||||
if (dns_rdatatype_iskeymaterial(type)) {
|
||||
if (!KSK(keys[i]) && keyset_kskonly) {
|
||||
continue;
|
||||
}
|
||||
|
|
@ -1670,10 +1664,7 @@ next_state:
|
|||
&flag));
|
||||
if (flag) {
|
||||
isc_stdtime_t exp;
|
||||
if (type == dns_rdatatype_dnskey ||
|
||||
type == dns_rdatatype_cdnskey ||
|
||||
type == dns_rdatatype_cds)
|
||||
{
|
||||
if (dns_rdatatype_iskeymaterial(type)) {
|
||||
exp = state->keyexpire;
|
||||
} else if (type == dns_rdatatype_soa) {
|
||||
exp = state->soaexpire;
|
||||
|
|
|
|||
|
|
@ -6384,9 +6384,7 @@ del_sigs(dns_zone_t *zone, dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name,
|
|||
result = dns_rdata_tostruct(&rdata, &rrsig, NULL);
|
||||
RUNTIME_CHECK(result == ISC_R_SUCCESS);
|
||||
|
||||
if (type != dns_rdatatype_dnskey && type != dns_rdatatype_cds &&
|
||||
type != dns_rdatatype_cdnskey)
|
||||
{
|
||||
if (!dns_rdatatype_iskeymaterial(type)) {
|
||||
bool warn = false, deleted = false;
|
||||
if (delsig_ok(&rrsig, keys, nkeys, kasp, &warn)) {
|
||||
result = update_one_rr(db, ver, zonediff->diff,
|
||||
|
|
@ -6703,10 +6701,7 @@ add_sigs(dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name, dns_zone_t *zone,
|
|||
both = have_ksk && have_zsk;
|
||||
}
|
||||
|
||||
if (type == dns_rdatatype_dnskey ||
|
||||
type == dns_rdatatype_cdnskey ||
|
||||
type == dns_rdatatype_cds)
|
||||
{
|
||||
if (dns_rdatatype_iskeymaterial(type)) {
|
||||
/*
|
||||
* DNSKEY RRset is signed with KSK.
|
||||
* CDS and CDNSKEY RRsets too (RFC 7344, 4.1).
|
||||
|
|
@ -6746,10 +6741,7 @@ add_sigs(dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name, dns_zone_t *zone,
|
|||
/*
|
||||
* CDS and CDNSKEY are signed with KSK (RFC 7344, 4.1).
|
||||
*/
|
||||
if (type == dns_rdatatype_dnskey ||
|
||||
type == dns_rdatatype_cdnskey ||
|
||||
type == dns_rdatatype_cds)
|
||||
{
|
||||
if (dns_rdatatype_iskeymaterial(type)) {
|
||||
if (!KSK(keys[i]) && keyset_kskonly) {
|
||||
continue;
|
||||
}
|
||||
|
|
@ -7150,9 +7142,7 @@ signed_with_good_key(dns_zone_t *zone, dns_db_t *db, dns_dbnode_t *node,
|
|||
}
|
||||
KASP_UNLOCK(kasp);
|
||||
|
||||
if (type == dns_rdatatype_dnskey ||
|
||||
type == dns_rdatatype_cdnskey || type == dns_rdatatype_cds)
|
||||
{
|
||||
if (dns_rdatatype_iskeymaterial(type)) {
|
||||
/*
|
||||
* CDS and CDNSKEY are signed with KSK like DNSKEY.
|
||||
* (RFC 7344, section 4.1 specifies that they must
|
||||
|
|
@ -7327,10 +7317,7 @@ sign_a_node(dns_db_t *db, dns_zone_t *zone, dns_name_t *name,
|
|||
{
|
||||
goto next_rdataset;
|
||||
}
|
||||
if (rdataset.type == dns_rdatatype_dnskey ||
|
||||
rdataset.type == dns_rdatatype_cdnskey ||
|
||||
rdataset.type == dns_rdatatype_cds)
|
||||
{
|
||||
if (dns_rdatatype_iskeymaterial(rdataset.type)) {
|
||||
/*
|
||||
* CDS and CDNSKEY are signed with KSK like DNSKEY.
|
||||
* (RFC 7344, section 4.1 specifies that they must
|
||||
|
|
@ -7944,9 +7931,7 @@ dns__zone_updatesigs(dns_diff_t *diff, dns_db_t *db, dns_dbversion_t *version,
|
|||
isc_stdtime_t exp = expire;
|
||||
|
||||
if (keyexpire != 0 &&
|
||||
(tuple->rdata.type == dns_rdatatype_dnskey ||
|
||||
tuple->rdata.type == dns_rdatatype_cdnskey ||
|
||||
tuple->rdata.type == dns_rdatatype_cds))
|
||||
dns_rdatatype_iskeymaterial(tuple->rdata.type))
|
||||
{
|
||||
exp = keyexpire;
|
||||
}
|
||||
|
|
@ -16109,10 +16094,7 @@ sync_secure_journal(dns_zone_t *zone, dns_zone_t *raw, dns_journal_t *journal,
|
|||
* update the zone with these records from a different provider,
|
||||
* but skip records that are under our control.
|
||||
*/
|
||||
if (rdata->type == dns_rdatatype_dnskey ||
|
||||
rdata->type == dns_rdatatype_cdnskey ||
|
||||
rdata->type == dns_rdatatype_cds)
|
||||
{
|
||||
if (dns_rdatatype_iskeymaterial(rdata->type)) {
|
||||
bool inuse = false;
|
||||
isc_result_t r = dns_zone_dnskey_inuse(zone, rdata,
|
||||
&inuse);
|
||||
|
|
@ -16183,10 +16165,7 @@ sync_secure_db(dns_zone_t *seczone, dns_zone_t *raw, dns_db_t *secdb,
|
|||
* update the zone with these records from a different provider,
|
||||
* but skip records that are under our control.
|
||||
*/
|
||||
if (tuple->rdata.type == dns_rdatatype_dnskey ||
|
||||
tuple->rdata.type == dns_rdatatype_cdnskey ||
|
||||
tuple->rdata.type == dns_rdatatype_cds)
|
||||
{
|
||||
if (dns_rdatatype_iskeymaterial(tuple->rdata.type)) {
|
||||
bool inuse = false;
|
||||
isc_result_t r = dns_zone_dnskey_inuse(
|
||||
seczone, &tuple->rdata, &inuse);
|
||||
|
|
|
|||
|
|
@ -11989,9 +11989,7 @@ ns_query_start(ns_client_t *client, isc_nmhandle_t *handle) {
|
|||
/*
|
||||
* Turn on minimal response for (C)DNSKEY and (C)DS queries.
|
||||
*/
|
||||
if (qtype == dns_rdatatype_dnskey || qtype == dns_rdatatype_ds ||
|
||||
qtype == dns_rdatatype_cdnskey || qtype == dns_rdatatype_cds)
|
||||
{
|
||||
if (dns_rdatatype_iskeymaterial(qtype) || qtype == dns_rdatatype_ds) {
|
||||
client->query.attributes |= (NS_QUERYATTR_NOAUTHORITY |
|
||||
NS_QUERYATTR_NOADDITIONAL);
|
||||
} else if (qtype == dns_rdatatype_ns) {
|
||||
|
|
|
|||
|
|
@ -3386,10 +3386,7 @@ update_action(void *arg) {
|
|||
* Don't remove DNSKEY, CDNSKEY, CDS records
|
||||
* that are in use (under our control).
|
||||
*/
|
||||
if (rdata.type == dns_rdatatype_dnskey ||
|
||||
rdata.type == dns_rdatatype_cdnskey ||
|
||||
rdata.type == dns_rdatatype_cds)
|
||||
{
|
||||
if (dns_rdatatype_iskeymaterial(rdata.type)) {
|
||||
isc_result_t r;
|
||||
bool inuse = false;
|
||||
r = dns_zone_dnskey_inuse(zone, &rdata,
|
||||
|
|
|
|||
Loading…
Reference in a new issue