Implement dummy 'rndc skr -import' command

Add the code and documentation required to provide KSR import using
rndc.  This is just the command, and the feature is at this point in
time still not implemented.

bin/named/control.c

@@ -228,6 +228,8 @@ named_control_docommand(isccc_sexpr_t *message, bool readonly,
 		result = named_server_flushnode(named_g_server, lex, true);
 	} else if (command_compare(command, NAMED_COMMAND_FREEZE)) {
 		result = named_server_freeze(named_g_server, true, lex, text);
+	} else if (command_compare(command, NAMED_COMMAND_SKR)) {
+		result = named_server_skr(named_g_server, lex, text);
 	} else if (command_compare(command, NAMED_COMMAND_LOADKEYS) ||
 		   command_compare(command, NAMED_COMMAND_SIGN))
 	{

bin/named/include/named/control.h

@@ -61,6 +61,7 @@
 #define NAMED_COMMAND_SHOWZONE	   "showzone"
 #define NAMED_COMMAND_SIGN	   "sign"
 #define NAMED_COMMAND_SIGNING	   "signing"
+#define NAMED_COMMAND_SKR	   "skr"
 #define NAMED_COMMAND_STATUS	   "status"
 #define NAMED_COMMAND_STOP	   "stop"
 #define NAMED_COMMAND_SYNC	   "sync"

bin/named/include/named/server.h

@@ -376,3 +376,9 @@ named_server_servestale(named_server_t *server, isc_lex_t *lex,
 isc_result_t
 named_server_fetchlimit(named_server_t *server, isc_lex_t *lex,
 			isc_buffer_t **text);
+
+/*%
+ * Import SKR file for offline KSK signing.
+ */
+isc_result_t
+named_server_skr(named_server_t *server, isc_lex_t *lex, isc_buffer_t **text);

bin/named/server.c

@@ -16667,3 +16667,61 @@ cleanup:
 
 	return (result);
 }
+
+isc_result_t
+named_server_skr(named_server_t *server, isc_lex_t *lex, isc_buffer_t **text) {
+	isc_result_t result = ISC_R_SUCCESS;
+	dns_zone_t *zone = NULL;
+	dns_kasp_t *kasp = NULL;
+	const char *ptr;
+	char skrfile[PATH_MAX];
+
+	/* Skip the command name. */
+	ptr = next_token(lex, text);
+	if (ptr == NULL) {
+		return (ISC_R_UNEXPECTEDEND);
+	}
+
+	/* Find out what we are to do. */
+	ptr = next_token(lex, text);
+	if (ptr == NULL) {
+		return (ISC_R_UNEXPECTEDEND);
+	}
+
+	if (strcasecmp(ptr, "-import") != 0) {
+		CHECK(DNS_R_SYNTAX);
+	}
+
+	ptr = next_token(lex, NULL);
+	if (ptr == NULL) {
+		return (ISC_R_UNEXPECTEDEND);
+	}
+	(void)snprintf(skrfile, sizeof(skrfile), "%s", ptr);
+
+	CHECK(zone_from_args(server, lex, NULL, &zone, NULL, text, false));
+	if (zone == NULL) {
+		CHECK(ISC_R_UNEXPECTEDEND);
+	}
+	kasp = dns_zone_getkasp(zone);
+	if (kasp == NULL) {
+		CHECK(putstr(text, "zone does not have a dnssec-policy"));
+		CHECK(putnull(text));
+		goto cleanup;
+	}
+
+	if (!dns_kasp_offlineksk(kasp)) {
+		CHECK(putstr(text, "zone does not have offline-ksk enabled"));
+		CHECK(putnull(text));
+		goto cleanup;
+	}
+
+	CHECK(putstr(text, "import command not implemented"));
+	CHECK(putnull(text));
+
+cleanup:
+	if (zone != NULL) {
+		dns_zone_detach(&zone);
+	}
+
+	return (result);
+}

bin/rndc/rndc.c

@@ -132,6 +132,9 @@ command is one of the following:\n\
   halt		Stop the server without saving pending updates.\n\
   halt -p	Stop the server without saving pending updates reporting\n\
 		process id.\n\
+  skr -import file zone [class [view]]\n\
+		Import a SKR file for the specified zone, for offline KSK\n\
+		signing.\n\
   loadkeys zone [class [view]]\n\
 		Update keys without signing immediately.\n\
   managed-keys refresh [class [view]]\n\

bin/rndc/rndc.rst

@@ -266,6 +266,11 @@ Currently supported commands are:
 
    See also :option:`rndc stop`.
 
+.. option:: skr -import file zone [class [view]]
+
+   This command allows you to import a SKR file for the specified zone, to
+   support offline KSK signing.
+
 .. option:: loadkeys [zone [class [view]]]
 
    This command fetches all DNSSEC keys for the given zone from the key directory. If