From a7080db2111c26f8e26675a8a2da7fbd2edeb215 Mon Sep 17 00:00:00 2001 From: Colin Vidal Date: Mon, 13 Oct 2025 18:35:52 +0200 Subject: [PATCH] fix delv when using the builtin trust-anchors Since the builtin trust-anchors are now called `builtin-trust-anchors`, delv needs specific handling in order to be able to parse those when they are used. Before, delv was simply parsing a single clause (either in the case of an overriden trust-anchors value from bindkeys file or by simply reading the builtin value). But since the name changed, the same code can't be shared and the builtin version is expected to be in a map. --- bin/delv/delv.c | 22 +++++++++++++++++----- lib/isccfg/include/isccfg/namedconf.h | 3 +++ 2 files changed, 20 insertions(+), 5 deletions(-) diff --git a/bin/delv/delv.c b/bin/delv/delv.c index b05e05f2d2..f462a13c16 100644 --- a/bin/delv/delv.c +++ b/bin/delv/delv.c @@ -75,6 +75,7 @@ #include +#include #include #include @@ -158,9 +159,17 @@ static dns_name_t *anchor_name = NULL; static dns_master_style_t *style = NULL; static dns_fixedname_t qfn; -/* Default trust anchors */ +/* Default trust anchors and clause/type definitions */ static char anchortext[] = TRUST_ANCHORS; +static cfg_clausedef_t delv_clauses[] = { { "builtin-trust-anchors", + &cfg_type_builtin_dnsseckeys, + CFG_CLAUSEFLAG_MULTI }, + { NULL, NULL, 0 } }; +static cfg_clausedef_t *delv_clausesets[] = { delv_clauses, NULL }; +static cfg_type_t delv_type = { "delv", cfg_parse_mapbody, NULL, + NULL, &cfg_rep_map, delv_clausesets }; + /* * Static function prototypes */ 
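Review bot: The new `delv_clauses`, `delv_clausesets` and `delv_type` definitions in the `@@ -158,9 +159,17 @@` hunk of bin/delv/delv.c have no comment explaining why delv needs its own parser type, and the one-line comment above `anchortext` now covers four separate objects. A short block comment before `delv_clauses` would help, for example `/* The built-in anchor text uses "builtin-trust-anchors", which cannot share the bind.keys parsing path, so delv parses it with its own map type. */` (reason taken from the commit message). The clause name literal is also repeated in the `cfg_map_get()` call in `setup_dnsseckeys()`. A single shared `#define` for it would keep the parser table and the lookup in step, which matters because a mismatch would leave `trust_anchors` NULL without any diagnostic.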
@@ -833,20 +842,23 @@ setup_dnsseckeys(dns_client_t *client, dns_view_t *toview) { if (result != ISC_R_SUCCESS) { fatal("Unable to load keys from '%s'", anchorfile); } + + INSIST(bindkeys != NULL); + cfg_map_get(bindkeys, "trust-anchors", &trust_anchors); } else { isc_buffer_t b; isc_buffer_init(&b, anchortext, sizeof(anchortext) - 1); isc_buffer_add(&b, sizeof(anchortext) - 1); - result = cfg_parse_buffer(isc_g_mctx, &b, NULL, 0, - &cfg_type_bindkeys, 0, &bindkeys); + result = cfg_parse_buffer(isc_g_mctx, &b, NULL, 0, &delv_type, + 0, &bindkeys); if (result != ISC_R_SUCCESS) { fatal("Unable to parse built-in keys"); } + INSIST(bindkeys != NULL); + cfg_map_get(bindkeys, "builtin-trust-anchors", &trust_anchors); } - INSIST(bindkeys != NULL); - cfg_map_get(bindkeys, "trust-anchors", &trust_anchors); if (trust_anchors != NULL) { CHECK(load_keys(trust_anchors, client, toview)); } diff --git a/lib/isccfg/include/isccfg/namedconf.h b/lib/isccfg/include/isccfg/namedconf.h index d2fa34b58e..8843b92623 100644 --- a/lib/isccfg/include/isccfg/namedconf.h +++ b/lib/isccfg/include/isccfg/namedconf.h @@ -29,6 +29,9 @@ extern cfg_type_t cfg_type_namedconf; extern cfg_type_t cfg_type_bindkeys; /*%< A bind.keys file. */ +extern cfg_type_t cfg_type_builtin_dnsseckeys; +/*%< The builtin dnsseckey builtin-trust-anchors */ + extern cfg_type_t cfg_type_addzoneconf; /*%< A single zone passed via the addzone rndc command. */
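Review bot: The result of `cfg_map_get(bindkeys, "builtin-trust-anchors", &trust_anchors)` in the built-in branch is discarded, so a parse that succeeds but yields no such clause falls through to `if (trust_anchors != NULL)` and `load_keys()` is skipped silently. The built-in text is compiled in, so a missing clause there is a build defect rather than a user choice, and it presumably leaves delv with no trust anchor for validation. It should fail loudly: `result = cfg_map_get(bindkeys, "builtin-trust-anchors", &trust_anchors);` followed by `if (result != ISC_R_SUCCESS) { fatal("No built-in trust anchors found"); }`. The anchorfile branch has the same unchecked call, but a bind.keys file without `trust-anchors` may be legitimate, so a warning may fit better there. `setup_dnsseckeys()` begins and ends outside the hunk.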
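Review bot: The doc comment on the new `cfg_type_builtin_dnsseckeys` declaration in namedconf.h, `/*%< The builtin dnsseckey builtin-trust-anchors */`, repeats "builtin" and does not say what the type parses. Something like `/*%< Value type of the "builtin-trust-anchors" clause (the built-in DNSSEC trust anchors). */` would read more clearly, with the wording checked against the definition. The definition of this object is not part of the patch, so it is worth confirming that it has external linkage in the isccfg library and is exported, since the header now makes it public API used by delv.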