397. [func] Added utility functions dns_view_gettsig() and

                        dns_view_getpeertsig().

CHANGES

+ 397.	[func]		Added utility functions dns_view_gettsig() and
+			dns_view_getpeertsig().
 
  396.	[doc]		There is now a man page for "nsupdate" 
 			in doc/man/bin/nsupdate.8.

lib/dns/include/dns/view.h

@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: view.h,v 1.47 2000/08/01 01:24:55 tale Exp $ */
+/* $Id: view.h,v 1.48 2000/08/17 00:18:12 gson Exp $ */
 
 #ifndef DNS_VIEW_H
 #define DNS_VIEW_H 1
@@ -532,6 +532,38 @@ dns_view_load(dns_view_t *view, isc_boolean_t stop);
  *	'view' is a valid.
  */
 
+isc_result_t
+dns_view_gettsig(dns_view_t *view, dns_name_t *keyname,
+		 dns_tsigkey_t **keyp);
+/*
+ * Find the TSIG key configured in 'view' with name 'keyname',
+ * if any.
+ *
+ * Reqires:
+ *	keyp points to a NULL dns_tsigkey_t *.
+ *
+ * Returns:
+ *	ISC_R_SUCCESS	A key was found and '*keyp' now points to it.
+ *	ISC_R_NOTFOUND	No key was found.
+ *	others		An error occurred.
+ */
+
+isc_result_t
+dns_view_getpeertsig(dns_view_t *view, isc_netaddr_t *peeraddr,
+		     dns_tsigkey_t **keyp);
+/*
+ * Find the TSIG key configured in 'view' for the server whose
+ * address is 'peeraddr', if any.
+ *
+ * Reqires:
+ *	keyp points to a NULL dns_tsigkey_t *.
+ *
+ * Returns:
+ *	ISC_R_SUCCESS	A key was found and '*keyp' now points to it.
+ *	ISC_R_NOTFOUND	No key was found.
+ *	others		An error occurred.
+ */
+
 isc_result_t
 dns_view_checksig(dns_view_t *view, isc_buffer_t *source, dns_message_t *msg);
 /*

lib/dns/resolver.c

@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: resolver.c,v 1.164 2000/08/15 00:21:03 bwelling Exp $ */
+/* $Id: resolver.c,v 1.165 2000/08/17 00:18:08 gson Exp $ */
 
 #include <config.h>
 
@@ -806,9 +806,8 @@ resquery_send(resquery_t *query) {
 	isc_buffer_t tcpbuffer;
 	isc_sockaddr_t *address;
 	isc_buffer_t *buffer;
-	dns_peer_t *peer = NULL;
-	dns_name_t *keyname = NULL;
 	isc_netaddr_t ipaddr;
+	dns_tsigkey_t *tsigkey = NULL;
 
 	fctx = query->fctx;
 	QTRACE("send");
@@ -941,26 +940,13 @@ resquery_send(resquery_t *query) {
 	 * Add TSIG record tailored to the current recipient.
 	 */
 	isc_netaddr_fromsockaddr(&ipaddr, &query->addrinfo->sockaddr);
-	result = dns_peerlist_peerbyaddr(fctx->res->view->peers,
-					 &ipaddr, &peer);
-
-	if (result == ISC_R_SUCCESS &&
-	    dns_peer_getkey(peer, &keyname) == ISC_R_SUCCESS)
-	{
-		dns_tsigkey_t *tsigkey = NULL;
-
-		result = dns_tsigkey_find(&tsigkey, keyname, NULL,
-					  fctx->res->view->statickeys);
-		if (result == ISC_R_NOTFOUND)
-			result = dns_tsigkey_find(&tsigkey, keyname, NULL,
-						 fctx->res->view->dynamickeys);
-		if (result != ISC_R_SUCCESS && result != ISC_R_NOTFOUND)
-			goto cleanup_message;
+	result = dns_view_getpeertsig(fctx->res->view, &ipaddr, &tsigkey);
+	if (result != ISC_R_SUCCESS && result != ISC_R_NOTFOUND)
+		goto cleanup_message;
 
-		if (tsigkey != NULL) {
-			dns_message_settsigkey(fctx->qmessage, tsigkey);
-			dns_tsigkey_detach(&tsigkey);
-		}
+	if (tsigkey != NULL) {
+		dns_message_settsigkey(fctx->qmessage, tsigkey);
+		dns_tsigkey_detach(&tsigkey);
 	}
 
 	result = dns_message_rendersection(fctx->qmessage,

lib/dns/view.c

@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: view.c,v 1.74 2000/08/01 01:23:06 tale Exp $ */
+/* $Id: view.c,v 1.75 2000/08/17 00:18:09 gson Exp $ */
 
 #include <config.h>
 
@@ -982,12 +982,45 @@ dns_view_load(dns_view_t *view, isc_boolean_t stop) {
 	return (dns_zt_load(view->zonetable, stop));
 }
 
+isc_result_t
+dns_view_gettsig(dns_view_t *view, dns_name_t *keyname, dns_tsigkey_t **keyp)
+{
+	isc_result_t result;
+	REQUIRE(keyp != NULL && *keyp == NULL);
+
+	result = dns_tsigkey_find(keyp, keyname, NULL,
+				  view->statickeys);
+	if (result == ISC_R_NOTFOUND)
+		result = dns_tsigkey_find(keyp, keyname, NULL,
+					  view->dynamickeys);
+	return (result);
+}
+
+isc_result_t
+dns_view_getpeertsig(dns_view_t *view, isc_netaddr_t *peeraddr,
+		     dns_tsigkey_t **keyp)
+{
+	isc_result_t result;
+	dns_name_t *keyname = NULL;
+	dns_peer_t *peer = NULL;
+
+	result = dns_peerlist_peerbyaddr(view->peers, peeraddr, &peer);
+	if (result != ISC_R_SUCCESS)
+		return (result);
+
+	result = dns_peer_getkey(peer, &keyname);
+	if (result != ISC_R_SUCCESS)
+		return (result);
+
+	return (dns_view_gettsig(view, keyname, keyp));
+}
+
 isc_result_t
 dns_view_checksig(dns_view_t *view, isc_buffer_t *source, dns_message_t *msg) {
 	REQUIRE(DNS_VIEW_VALID(view));
 	REQUIRE(source != NULL);
 
-	return dns_tsig_verify(source, msg, view->statickeys,
-			       view->dynamickeys);
+	return (dns_tsig_verify(source, msg, view->statickeys,
+				view->dynamickeys));
 }
 

lib/dns/zone.c

@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: zone.c,v 1.185 2000/08/16 02:41:08 tale Exp $ */
+/* $Id: zone.c,v 1.186 2000/08/17 00:18:10 gson Exp $ */
 
 #include <config.h>
 
@@ -1919,8 +1919,6 @@ notify_send_toaddr(isc_task_t *task, isc_event_t *event) {
 	dns_message_t *message = NULL;
 	dns_zone_t *zone = NULL;
 	isc_netaddr_t dstip;
-	dns_peer_t *peer = NULL;
-	dns_name_t *keyname = NULL;
 	dns_tsigkey_t *key = NULL;
 
 	notify = event->ev_arg;
@@ -1948,17 +1946,7 @@ notify_send_toaddr(isc_task_t *task, isc_event_t *event) {
 		goto cleanup;
 
 	isc_netaddr_fromsockaddr(&dstip, &notify->dst);
-	result = dns_peerlist_peerbyaddr(zone->view->peers,
-					 &dstip, &peer);
-	if (result == ISC_R_SUCCESS &&
-	    dns_peer_getkey(peer, &keyname) == ISC_R_SUCCESS)
-	{
-		result = dns_tsigkey_find(&key, keyname, NULL,
-					  zone->view->statickeys);
-		if (result == ISC_R_NOTFOUND)
-			(void) dns_tsigkey_find(&key, keyname, NULL,
-						zone->view->dynamickeys);
-	}
+	(void)dns_view_getpeertsig(notify->zone->view, &dstip, &key);
 
 	result = dns_request_create(notify->zone->view->requestmgr, message,
 				    &notify->dst, 0, key, 15,
@@ -2779,8 +2767,6 @@ soa_query(isc_task_t *task, isc_event_t *event) {
 	dns_message_t *message = NULL;
 	dns_zone_t *zone = event->ev_arg;
 	isc_netaddr_t masterip;
-	dns_peer_t *peer = NULL;
-	dns_name_t *keyname = NULL;
 	dns_tsigkey_t *key = NULL;
 	isc_uint32_t options;
 
@@ -2813,17 +2799,7 @@ soa_query(isc_task_t *task, isc_event_t *event) {
 	UNLOCK(&zone->lock);
 
 	isc_netaddr_fromsockaddr(&masterip, &zone->masteraddr);
-	result = dns_peerlist_peerbyaddr(zone->view->peers,
-					 &masterip, &peer);
-	if (result == ISC_R_SUCCESS &&
-	    dns_peer_getkey(peer, &keyname) == ISC_R_SUCCESS)
-	{
-		result = dns_tsigkey_find(&key, keyname, NULL,
-					  zone->view->statickeys);
-		if (result == ISC_R_NOTFOUND)
-			(void) dns_tsigkey_find(&key, keyname, NULL,
-						zone->view->dynamickeys);
-	}
+	(void)dns_view_getpeertsig(zone->view, &masterip, &key);
 
 	options = DNS_ZONE_FLAG(zone, DNS_ZONEFLG_USEVC) ?
 		  DNS_REQUESTOPT_TCP : 0;
@@ -2859,8 +2835,6 @@ ns_query(dns_zone_t *zone, dns_rdataset_t *soardataset, dns_stub_t *stub) {
 	isc_result_t result;
 	dns_message_t *message = NULL;
 	isc_netaddr_t masterip;
-	dns_peer_t *peer = NULL;
-	dns_name_t *keyname = NULL;
 	dns_tsigkey_t *key = NULL;
 	dns_dbnode_t *node = NULL;
 
@@ -2947,17 +2921,7 @@ ns_query(dns_zone_t *zone, dns_rdataset_t *soardataset, dns_stub_t *stub) {
 	UNLOCK(&zone->lock);
 
 	isc_netaddr_fromsockaddr(&masterip, &zone->masteraddr);
-	result = dns_peerlist_peerbyaddr(zone->view->peers,
-					 &masterip, &peer);
-	if (result == ISC_R_SUCCESS &&
-	    dns_peer_getkey(peer, &keyname) == ISC_R_SUCCESS)
-	{
-		result = dns_tsigkey_find(&key, keyname, NULL,
-					  zone->view->statickeys);
-		if (result == ISC_R_NOTFOUND)
-			(void) dns_tsigkey_find(&key, keyname, NULL,
-						zone->view->dynamickeys);
-	}
+	(void)dns_view_getpeertsig(zone->view, &masterip, &key);	
 
 	/*
 	 * Always use TCP so that we shouldn't truncate in additional section.
@@ -3998,7 +3962,6 @@ got_transfer_quota(isc_task_t *task, isc_event_t *event) {
 	dns_rdatatype_t xfrtype;
 	dns_zone_t *zone = event->ev_arg;
 	isc_netaddr_t masterip;
-	isc_boolean_t gotkey = ISC_FALSE;
 	dns_view_t *view = NULL;
 
 	UNUSED(task);
@@ -4049,6 +4012,7 @@ got_transfer_quota(isc_task_t *task, isc_event_t *event) {
 	/*
 	 * Determine if we should attempt to sign the request with TSIG.
 	 */
+	result = ISC_R_NOTFOUND;
 #ifndef NOMINUM_PUBLIC
 	/*
 	 * First, look for a tsig key in the master statement, then
@@ -4058,29 +4022,17 @@ got_transfer_quota(isc_task_t *task, isc_event_t *event) {
 	    (zone->masterkeynames[zone->curmaster] != NULL)) {
 		view = dns_zone_getview(zone);
 		keyname = zone->masterkeynames[zone->curmaster];
-		gotkey = ISC_TRUE;
+		result = dns_view_gettsig(view, keyname, &tsigkey);
 	}
-	else
 #endif /* NOMINUM_PUBLIC */
-        if (peer != NULL &&
-		 dns_peer_getkey(peer, &keyname) == ISC_R_SUCCESS) {
-		view = dns_zone_getview(zone);
-		gotkey = ISC_TRUE;
-	}
+	if (tsigkey == NULL)
+		result = dns_view_getpeertsig(zone->view, &masterip, &tsigkey);
 
-	if (gotkey) {
-		result = dns_tsigkey_find(&tsigkey, keyname, NULL,
-					  view->statickeys);
-		if (result == ISC_R_NOTFOUND)
-			result = dns_tsigkey_find(&tsigkey, keyname, NULL,
-						  view->dynamickeys);
-		if (result != ISC_R_SUCCESS && result != ISC_R_NOTFOUND) {
-			zone_log(zone, me, ISC_LOG_ERROR,
-				 "error getting tsig keys "
-				 "for zone transfer: %s",
-				 isc_result_totext(result));
-			goto cleanup;
-		}
+	if (result != ISC_R_SUCCESS && result != ISC_R_NOTFOUND) {
+		zone_log(zone, me, ISC_LOG_ERROR,
+			 "error getting tsig key "
+			 "for zone transfer: %s",
+			 isc_result_totext(result));
 	}
 
 	result = dns_xfrin_create(zone, xfrtype, &zone->masteraddr,