mirror of
https://github.com/isc-projects/bind9.git
synced 2026-03-16 07:32:57 -04:00
9081426313
Refactor dns_dnssec_findmatchingkeys and dns_dnssec_keylistfromrdataset to take into account the key store directories in case the zone is using dnssec-policy (kasp). Add 'kasp' and 'keystores' parameters. This requires the keystorelist to be stored inside the zone structure. The calls to these functions in the DNSSEC tools can use NULL as the kasp value, as dnssec-signzone does not (yet) support dnssec-policy, and key collision is checked inside the directory where it is created.
80 lines
2.3 KiB
C
80 lines
2.3 KiB
C
/*
|
|
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
|
|
*
|
|
* SPDX-License-Identifier: MPL-2.0
|
|
*
|
|
* This Source Code Form is subject to the terms of the Mozilla Public
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
* file, you can obtain one at https://mozilla.org/MPL/2.0/.
|
|
*
|
|
* See the COPYRIGHT file distributed with this work for additional
|
|
* information regarding copyright ownership.
|
|
*/
|
|
|
|
#pragma once
|
|
|
|
/*! \file */
|
|
|
|
#include <stdbool.h>
|
|
|
|
#include <isc/lang.h>
|
|
#include <isc/types.h>
|
|
|
|
#include <isccfg/aclconf.h>
|
|
#include <isccfg/cfg.h>
|
|
|
|
ISC_LANG_BEGINDECLS
|
|
|
|
isc_result_t
|
|
named_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
|
|
const cfg_obj_t *zconfig, cfg_aclconfctx_t *ac,
|
|
dns_kasplist_t *kasplist, dns_keystorelist_t *keystores,
|
|
dns_zone_t *zone, dns_zone_t *raw);
|
|
/*%<
|
|
* Configure or reconfigure a zone according to the named.conf
|
|
* data.
|
|
*
|
|
* The zone origin is not configured, it is assumed to have been set
|
|
* at zone creation time.
|
|
*
|
|
* Require:
|
|
* \li 'ac' to point to an initialized cfg_aclconfctx_t.
|
|
* \li 'kasplist' to be initialized.
|
|
* \li 'zone' to be initialized.
|
|
*/
|
|
|
|
bool
|
|
named_zone_reusable(dns_zone_t *zone, const cfg_obj_t *zconfig,
|
|
const cfg_obj_t *vconfig, const cfg_obj_t *config,
|
|
dns_kasplist_t *kasplist);
|
|
/*%<
|
|
* If 'zone' can be safely reconfigured according to the configuration
|
|
* data in 'zconfig', return true. If the configuration data is so
|
|
* different from the current zone state that the zone needs to be destroyed
|
|
* and recreated, return false.
|
|
*/
|
|
|
|
bool
|
|
named_zone_inlinesigning(const cfg_obj_t *zconfig, const cfg_obj_t *vconfig,
|
|
const cfg_obj_t *config, dns_kasplist_t *kasplist);
|
|
/*%<
|
|
* Determine if zone uses inline-signing. This is true if inline-signing
|
|
* is set to yes, in the zone clause or in the zone's dnssec-policy clause.
|
|
* By default, dnssec-policy uses inline-signing.
|
|
*/
|
|
|
|
isc_result_t
|
|
named_zone_configure_writeable_dlz(dns_dlzdb_t *dlzdatabase, dns_zone_t *zone,
|
|
dns_rdataclass_t rdclass, dns_name_t *name);
|
|
/*%>
|
|
* configure a DLZ zone, setting up the database methods and calling
|
|
* postload to load the origin values
|
|
*
|
|
* Require:
|
|
* \li 'dlzdatabase' to be a valid dlz database
|
|
* \li 'zone' to be initialized.
|
|
* \li 'rdclass' to be a valid rdataclass
|
|
* \li 'name' to be a valid zone origin name
|
|
*/
|
|
|
|
ISC_LANG_ENDDECLS
|