Commit 70d1ec43 authored by Matthijs Mekking's avatar Matthijs Mekking 🏡

Use explicit result codes for 'rndc dnssec' cmd

It is better to add new result codes than to overload existing codes.
parent edc53fc4
......@@ -14766,6 +14766,7 @@ named_server_dnssec(named_server_t *server, isc_lex_t *lex,
char whenbuf[80];
isc_time_set(&timewhen, when, 0);
isc_time_formattimestamp(&timewhen, whenbuf, sizeof(whenbuf));
isc_result_t ret;
LOCK(&kasp->lock);
if (use_keyid) {
......@@ -14796,16 +14797,16 @@ named_server_dnssec(named_server_t *server, isc_lex_t *lex,
CHECK(putstr(text, "since "));
CHECK(putstr(text, whenbuf));
break;
case ISC_R_NOTFOUND:
CHECK(putstr(text, "No matching KSK found"));
break;
case ISC_R_FAILURE:
case DNS_R_TOOMANYKEYS:
CHECK(putstr(text,
"Error: multiple possible KSKs found, "
"Error: multiple possible keys found, "
"retry command with -key id"));
break;
default:
CHECK(putstr(text, "Error executing checkds command"));
ret = result;
CHECK(putstr(text,
"Error executing checkds command: "));
CHECK(putstr(text, isc_result_totext(ret)));
break;
}
} else if (rollover) {
......@@ -14815,6 +14816,7 @@ named_server_dnssec(named_server_t *server, isc_lex_t *lex,
char whenbuf[80];
isc_time_set(&timewhen, when, 0);
isc_time_formattimestamp(&timewhen, whenbuf, sizeof(whenbuf));
isc_result_t ret;
LOCK(&kasp->lock);
result = dns_keymgr_rollover(kasp, &keys, dir, now, when, keyid,
......@@ -14833,21 +14835,16 @@ named_server_dnssec(named_server_t *server, isc_lex_t *lex,
CHECK(putstr(text, "Rollover scheduled on "));
CHECK(putstr(text, whenbuf));
break;
case ISC_R_NOTFOUND:
CHECK(putstr(text, "No matching keyfound"));
break;
case ISC_R_FAILURE:
case DNS_R_TOOMANYKEYS:
CHECK(putstr(text,
"Error: multiple possible keys found, "
"retry command with -alg algorithm"));
break;
case ISC_R_UNEXPECTED:
CHECK(putstr(text,
"Error: key is not active and cannot "
"be rolled at this time"));
break;
default:
CHECK(putstr(text, "Error executing rollover command"));
ret = result;
CHECK(putstr(text,
"Error executing rollover command: "));
CHECK(putstr(text, isc_result_totext(ret)));
break;
}
}
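Review bot: The new `ret` local in both `default:` arms (checkds and rollover) has no comment explaining why `result` cannot be passed to isc_result_totext() directly; presumably CHECK() reassigns `result` on the preceding putstr(), but that macro is outside the visible lines. I would put `/* CHECK() overwrites result; keep the keymgr status for the message. */` above each `ret = result;`, or declare it inside the arm as `isc_result_t ret = result;` within braces so it no longer sits after the timestamp statements. If CHECK() does reassign `result`, the status named_server_dnssec finally returns reflects the last putstr() rather than DNS_R_NOKEYMATCH, DNS_R_TOOMANYKEYS or DNS_R_KEYNOTACTIVE, so tooling that automates key rollovers has only the reply text to go on; that is worth confirming and documenting. The function starts and ends outside these hunks.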
......
......@@ -2814,7 +2814,7 @@ n=$((n+1))
echo_i "check that rndc dnssec -rollover fails if key is inactive ($n)"
ret=0
rndccmd "$SERVER" dnssec -rollover -key $(key_get KEY4 ID) "$ZONE" > rndc.dnssec.rollover.out.$ZONE.$n
grep "key is not active and cannot be rolled" rndc.dnssec.rollover.out.$ZONE.$n > /dev/null || log_error "bad error message"
grep "key is not actively signing" rndc.dnssec.rollover.out.$ZONE.$n > /dev/null || log_error "bad error message"
test "$ret" -eq 0 || echo_i "failed"
status=$((status+ret))
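Review bot: The updated grep matches only the tail `key is not actively signing`, so it would still pass if the `Error executing rollover command: ` prefix added in the server change were dropped or altered. Matching the whole reply pins the operator-visible message: `grep "Error executing rollover command: key is not actively signing" rndc.dnssec.rollover.out.$ZONE.$n > /dev/null || log_error "bad error message"`. No check for the DNS_R_NOKEYMATCH or DNS_R_TOOMANYKEYS replies is visible in this hunk; if none exists elsewhere in the file, each of those arms deserves one.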
......
......@@ -74,8 +74,8 @@ dns_keymgr_checkds_id(dns_kasp_t *kasp, dns_dnsseckeylist_t *keyring,
*
* Returns:
*\li #ISC_R_SUCCESS (No error).
*\li #ISC_R_FAILURE (More than one matching KSK found).
*\li #ISC_R_NOTFOUND (No matching KSK found).
*\li #DNS_R_NOKEYMATCH (No matching keys found).
*\li #DNS_R_TOOMANYKEYS (More than one matching keys found).
*
*/
......@@ -104,9 +104,9 @@ dns_keymgr_rollover(dns_kasp_t *kasp, dns_dnsseckeylist_t *keyring,
*
* Returns:
*\li #ISC_R_SUCCESS (No error).
*\li #ISC_R_FAILURE (More than one matching keys found).
*\li #ISC_R_NOTFOUND (No matching keys found).
*\li #ISC_R_UNEXPECTED (Key is not active).
*\li #DNS_R_NOKEYMATCH (No matching keys found).
*\li #DNS_R_TOOMANYKEYS (More than one matching keys found).
*\li #DNS_R_KEYNOTACTIVE (Key is not active).
*
*/
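Review bot: The Returns lists in both comment blocks now name only ISC_R_SUCCESS and the new DNS_R_* codes, yet the implementation hunks in this commit show an `isc_dir_open()` failure being returned unchanged, so callers can receive results the header does not mention. Adding a line such as ` *\li Other results (for example from isc_dir_open()) are passed through unchanged.` to each list would tell callers to keep a `default:` arm. The wording `More than one matching keys found` would also read better as `More than one matching key found`. Both comment blocks begin outside the hunks.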
......
......@@ -155,8 +155,11 @@
#define DNS_R_TOOMANYRECORDS (ISC_RESULTCLASS_DNS + 117)
#define DNS_R_VERIFYFAILURE (ISC_RESULTCLASS_DNS + 118)
#define DNS_R_ATZONETOP (ISC_RESULTCLASS_DNS + 119)
#define DNS_R_NOKEYMATCH (ISC_RESULTCLASS_DNS + 120)
#define DNS_R_TOOMANYKEYS (ISC_RESULTCLASS_DNS + 121)
#define DNS_R_KEYNOTACTIVE (ISC_RESULTCLASS_DNS + 122)
#define DNS_R_NRESULTS 120 /*%< Number of results */
#define DNS_R_NRESULTS 123 /*%< Number of results */
/*
* DNS wire format rcodes.
......
......@@ -1894,7 +1894,7 @@ keymgr_checkds(dns_kasp_t *kasp, dns_dnsseckeylist_t *keyring,
/*
* Only checkds for one key at a time.
*/
return (ISC_R_FAILURE);
return (DNS_R_TOOMANYKEYS);
}
ksk_key = dkey;
......@@ -1902,7 +1902,7 @@ keymgr_checkds(dns_kasp_t *kasp, dns_dnsseckeylist_t *keyring,
}
if (ksk_key == NULL) {
return (ISC_R_NOTFOUND);
return (DNS_R_NOKEYMATCH);
}
if (dspublish) {
......@@ -1918,7 +1918,7 @@ keymgr_checkds(dns_kasp_t *kasp, dns_dnsseckeylist_t *keyring,
}
result = isc_dir_open(&dir, directory);
if (result != ISC_R_SUCCESS) {
return result;
return (result);
}
dns_dnssec_get_hints(ksk_key, now);
......@@ -2174,18 +2174,18 @@ dns_keymgr_rollover(dns_kasp_t *kasp, dns_dnsseckeylist_t *keyring,
/*
* Only rollover for one key at a time.
*/
return (ISC_R_FAILURE);
return (DNS_R_TOOMANYKEYS);
}
key = dkey;
}
if (key == NULL) {
return (ISC_R_NOTFOUND);
return (DNS_R_NOKEYMATCH);
}
result = dst_key_gettime(key->key, DST_TIME_ACTIVATE, &active);
if (result != ISC_R_SUCCESS || active > now) {
return (ISC_R_UNEXPECTED);
return (DNS_R_KEYNOTACTIVE);
}
result = dst_key_gettime(key->key, DST_TIME_INACTIVE, &retire);
......@@ -2218,7 +2218,7 @@ dns_keymgr_rollover(dns_kasp_t *kasp, dns_dnsseckeylist_t *keyring,
}
result = isc_dir_open(&dir, directory);
if (result != ISC_R_SUCCESS) {
return result;
return (result);
}
dns_dnssec_get_hints(key, now);
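Review bot: In dns_keymgr_rollover the test `result != ISC_R_SUCCESS || active > now` maps a failed `dst_key_gettime()` lookup and a future activation time to the same DNS_R_KEYNOTACTIVE, and with the dedicated message arm removed from the server code the operator now sees only "key is not actively signing" for both. A short comment above the check, e.g. `/* A key with no activation time is treated the same as one not yet active. */`, would record that this is intended. The `return result;` to `return (result);` edits are purely cosmetic and would be easier to review apart from the result-code change. The function bodies extend beyond these hunks.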
......
......@@ -165,6 +165,10 @@ static const char *text[DNS_R_NRESULTS] = {
"too many records", /*%< 117 DNS_R_TOOMANYRECORDS */
"verify failure", /*%< 118 DNS_R_VERIFYFAILURE */
"at top of zone", /*%< 119 DNS_R_ATZONETOP */
"no matching key found", /*%< 120 DNS_R_NOKEYMATCH */
"too many keys matching", /*%< 121 DNS_R_TOOMANYKEYS */
"key is not actively signing", /*%< 122 DNS_R_KEYNOTACTIVE */
};
static const char *ids[DNS_R_NRESULTS] = {
......@@ -292,6 +296,9 @@ static const char *ids[DNS_R_NRESULTS] = {
"DNS_R_TOOMANYRECORDS",
"DNS_R_VERIFYFAILURE",
"DNS_R_ATZONETOP",
"DNS_R_NOKEYMATCH",
"DNS_R_TOOMANYKEYS",
"DNS_R_KEYNOTACTIVE",
};
static const char *rcode_text[DNS_R_NRCODERESULTS] = {
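Review bot: `text[]` and `ids[]` are declared with the explicit size DNS_R_NRESULTS, so a later commit that bumps the count in result.h but misses an entry in either table still compiles and leaves a trailing NULL pointer, which is presumably what isc_result_totext() would then return to callers such as putstr(). This commit is consistent (three entries added to each table, count raised by three); the concern is that nothing enforces it. If the project's C dialect allows it, declare the tables without a size and add `_Static_assert(sizeof(text) / sizeof(text[0]) == DNS_R_NRESULTS, "text[] out of sync with DNS_R_NRESULTS");`, with the same check for `ids`. Both arrays start outside the hunks.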
......