Commit 70d1ec43 authored by Matthijs Mekking's avatar Matthijs Mekking 🏡

Use explicit result codes for 'rndc dnssec' cmd

It is better to add new result codes than to overload existing codes.
parent edc53fc4
...@@ -14766,6 +14766,7 @@ named_server_dnssec(named_server_t *server, isc_lex_t *lex, ...@@ -14766,6 +14766,7 @@ named_server_dnssec(named_server_t *server, isc_lex_t *lex,
char whenbuf[80]; char whenbuf[80];
isc_time_set(&timewhen, when, 0); isc_time_set(&timewhen, when, 0);
isc_time_formattimestamp(&timewhen, whenbuf, sizeof(whenbuf)); isc_time_formattimestamp(&timewhen, whenbuf, sizeof(whenbuf));
isc_result_t ret;
LOCK(&kasp->lock); LOCK(&kasp->lock);
if (use_keyid) { if (use_keyid) {
...@@ -14796,16 +14797,16 @@ named_server_dnssec(named_server_t *server, isc_lex_t *lex, ...@@ -14796,16 +14797,16 @@ named_server_dnssec(named_server_t *server, isc_lex_t *lex,
CHECK(putstr(text, "since ")); CHECK(putstr(text, "since "));
CHECK(putstr(text, whenbuf)); CHECK(putstr(text, whenbuf));
break; break;
case ISC_R_NOTFOUND: case DNS_R_TOOMANYKEYS:
CHECK(putstr(text, "No matching KSK found"));
break;
case ISC_R_FAILURE:
CHECK(putstr(text, CHECK(putstr(text,
"Error: multiple possible KSKs found, " "Error: multiple possible keys found, "
"retry command with -key id")); "retry command with -key id"));
break; break;
default: default:
CHECK(putstr(text, "Error executing checkds command")); ret = result;
CHECK(putstr(text,
"Error executing checkds command: "));
CHECK(putstr(text, isc_result_totext(ret)));
break; break;
} }
} else if (rollover) { } else if (rollover) {
...@@ -14815,6 +14816,7 @@ named_server_dnssec(named_server_t *server, isc_lex_t *lex, ...@@ -14815,6 +14816,7 @@ named_server_dnssec(named_server_t *server, isc_lex_t *lex,
char whenbuf[80]; char whenbuf[80];
isc_time_set(&timewhen, when, 0); isc_time_set(&timewhen, when, 0);
isc_time_formattimestamp(&timewhen, whenbuf, sizeof(whenbuf)); isc_time_formattimestamp(&timewhen, whenbuf, sizeof(whenbuf));
isc_result_t ret;
LOCK(&kasp->lock); LOCK(&kasp->lock);
result = dns_keymgr_rollover(kasp, &keys, dir, now, when, keyid, result = dns_keymgr_rollover(kasp, &keys, dir, now, when, keyid,
...@@ -14833,21 +14835,16 @@ named_server_dnssec(named_server_t *server, isc_lex_t *lex, ...@@ -14833,21 +14835,16 @@ named_server_dnssec(named_server_t *server, isc_lex_t *lex,
CHECK(putstr(text, "Rollover scheduled on ")); CHECK(putstr(text, "Rollover scheduled on "));
CHECK(putstr(text, whenbuf)); CHECK(putstr(text, whenbuf));
break; break;
case ISC_R_NOTFOUND: case DNS_R_TOOMANYKEYS:
CHECK(putstr(text, "No matching keyfound"));
break;
case ISC_R_FAILURE:
CHECK(putstr(text, CHECK(putstr(text,
"Error: multiple possible keys found, " "Error: multiple possible keys found, "
"retry command with -alg algorithm")); "retry command with -alg algorithm"));
break; break;
case ISC_R_UNEXPECTED:
CHECK(putstr(text,
"Error: key is not active and cannot "
"be rolled at this time"));
break;
default: default:
CHECK(putstr(text, "Error executing rollover command")); ret = result;
CHECK(putstr(text,
"Error executing rollover command: "));
CHECK(putstr(text, isc_result_totext(ret)));
break; break;
} }
} }
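Review bot: In both `default:` branches the new `ret = result;` copy is only needed if `CHECK()` reassigns `result`, which these hunks do not show; a one-line comment such as `/* CHECK() overwrites result; keep the keymgr error for the message. */` would stop a later cleanup from removing it. Once the `putstr` calls succeed, the keymgr error no longer seems to be held in `result`, so it is worth confirming that a failed checkds or rollover is meant to be reported only in the text output; the system test in this commit greps the output rather than checking a status. `isc_result_t ret;` is also declared after the `isc_time_*` calls in both paths, and moving it up next to `whenbuf` would keep the declarations together. The body of `named_server_dnssec` starts and ends outside these hunks.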
......
...@@ -2814,7 +2814,7 @@ n=$((n+1)) ...@@ -2814,7 +2814,7 @@ n=$((n+1))
echo_i "check that rndc dnssec -rollover fails if key is inactive ($n)" echo_i "check that rndc dnssec -rollover fails if key is inactive ($n)"
ret=0 ret=0
rndccmd "$SERVER" dnssec -rollover -key $(key_get KEY4 ID) "$ZONE" > rndc.dnssec.rollover.out.$ZONE.$n rndccmd "$SERVER" dnssec -rollover -key $(key_get KEY4 ID) "$ZONE" > rndc.dnssec.rollover.out.$ZONE.$n
grep "key is not active and cannot be rolled" rndc.dnssec.rollover.out.$ZONE.$n > /dev/null || log_error "bad error message" grep "key is not actively signing" rndc.dnssec.rollover.out.$ZONE.$n > /dev/null || log_error "bad error message"
test "$ret" -eq 0 || echo_i "failed" test "$ret" -eq 0 || echo_i "failed"
status=$((status+ret)) status=$((status+ret))
......
...@@ -74,8 +74,8 @@ dns_keymgr_checkds_id(dns_kasp_t *kasp, dns_dnsseckeylist_t *keyring, ...@@ -74,8 +74,8 @@ dns_keymgr_checkds_id(dns_kasp_t *kasp, dns_dnsseckeylist_t *keyring,
* *
* Returns: * Returns:
*\li #ISC_R_SUCCESS (No error). *\li #ISC_R_SUCCESS (No error).
*\li #ISC_R_FAILURE (More than one matching KSK found). *\li #DNS_R_NOKEYMATCH (No matching keys found).
*\li #ISC_R_NOTFOUND (No matching KSK found). *\li #DNS_R_TOOMANYKEYS (More than one matching keys found).
* *
*/ */
...@@ -104,9 +104,9 @@ dns_keymgr_rollover(dns_kasp_t *kasp, dns_dnsseckeylist_t *keyring, ...@@ -104,9 +104,9 @@ dns_keymgr_rollover(dns_kasp_t *kasp, dns_dnsseckeylist_t *keyring,
* *
* Returns: * Returns:
*\li #ISC_R_SUCCESS (No error). *\li #ISC_R_SUCCESS (No error).
*\li #ISC_R_FAILURE (More than one matching keys found). *\li #DNS_R_NOKEYMATCH (No matching keys found).
*\li #ISC_R_NOTFOUND (No matching keys found). *\li #DNS_R_TOOMANYKEYS (More than one matching keys found).
*\li #ISC_R_UNEXPECTED (Key is not active). *\li #DNS_R_KEYNOTACTIVE (Key is not active).
* *
*/ */
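Review bot: The `Returns:` lists for `dns_keymgr_checkds_id` and `dns_keymgr_rollover` read as exhaustive, but the implementation hunks in this commit also return the result of `isc_dir_open` unchanged (in `keymgr_checkds`, which presumably backs the checkds entry point, and in `dns_keymgr_rollover`). I would add a line such as `*\li Other results (e.g. from opening the key directory) are returned unchanged.` to both lists so callers keep a `default:` branch. The wording "More than one matching keys found" should read "More than one matching key found". In the rollover list, `#DNS_R_KEYNOTACTIVE` is also returned when the activation time cannot be read, so "(Key is not active, or has no activation time)" would match the code.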
......
...@@ -155,8 +155,11 @@ ...@@ -155,8 +155,11 @@
#define DNS_R_TOOMANYRECORDS (ISC_RESULTCLASS_DNS + 117) #define DNS_R_TOOMANYRECORDS (ISC_RESULTCLASS_DNS + 117)
#define DNS_R_VERIFYFAILURE (ISC_RESULTCLASS_DNS + 118) #define DNS_R_VERIFYFAILURE (ISC_RESULTCLASS_DNS + 118)
#define DNS_R_ATZONETOP (ISC_RESULTCLASS_DNS + 119) #define DNS_R_ATZONETOP (ISC_RESULTCLASS_DNS + 119)
#define DNS_R_NOKEYMATCH (ISC_RESULTCLASS_DNS + 120)
#define DNS_R_TOOMANYKEYS (ISC_RESULTCLASS_DNS + 121)
#define DNS_R_KEYNOTACTIVE (ISC_RESULTCLASS_DNS + 122)
#define DNS_R_NRESULTS 120 /*%< Number of results */ #define DNS_R_NRESULTS 123 /*%< Number of results */
/* /*
* DNS wire format rcodes. * DNS wire format rcodes.
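Review bot: `DNS_R_NRESULTS` is bumped by hand to 123 here, and the `text[]` and `ids[]` tables changed later in this commit are declared with that explicit size, so a future code added to the header without a matching table entry would still compile and leave an empty slot. This matters more after this commit because the `rndc dnssec` default branches now pass `isc_result_totext(ret)` straight to `putstr`, and the lookup presumably reads these tables. Leaving the arrays unsized and adding `_Static_assert(sizeof(text) / sizeof(text[0]) == DNS_R_NRESULTS, "text[] out of sync");` next to them (or the project's own static-assert macro, if it has one) would catch the mismatch at build time. The same check applies to `ids[]`. Both table definitions start outside the visible hunks.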
......
...@@ -1894,7 +1894,7 @@ keymgr_checkds(dns_kasp_t *kasp, dns_dnsseckeylist_t *keyring, ...@@ -1894,7 +1894,7 @@ keymgr_checkds(dns_kasp_t *kasp, dns_dnsseckeylist_t *keyring,
/* /*
* Only checkds for one key at a time. * Only checkds for one key at a time.
*/ */
return (ISC_R_FAILURE); return (DNS_R_TOOMANYKEYS);
} }
ksk_key = dkey; ksk_key = dkey;
...@@ -1902,7 +1902,7 @@ keymgr_checkds(dns_kasp_t *kasp, dns_dnsseckeylist_t *keyring, ...@@ -1902,7 +1902,7 @@ keymgr_checkds(dns_kasp_t *kasp, dns_dnsseckeylist_t *keyring,
} }
if (ksk_key == NULL) { if (ksk_key == NULL) {
return (ISC_R_NOTFOUND); return (DNS_R_NOKEYMATCH);
} }
if (dspublish) { if (dspublish) {
...@@ -1918,7 +1918,7 @@ keymgr_checkds(dns_kasp_t *kasp, dns_dnsseckeylist_t *keyring, ...@@ -1918,7 +1918,7 @@ keymgr_checkds(dns_kasp_t *kasp, dns_dnsseckeylist_t *keyring,
} }
result = isc_dir_open(&dir, directory); result = isc_dir_open(&dir, directory);
if (result != ISC_R_SUCCESS) { if (result != ISC_R_SUCCESS) {
return result; return (result);
} }
dns_dnssec_get_hints(ksk_key, now); dns_dnssec_get_hints(ksk_key, now);
...@@ -2174,18 +2174,18 @@ dns_keymgr_rollover(dns_kasp_t *kasp, dns_dnsseckeylist_t *keyring, ...@@ -2174,18 +2174,18 @@ dns_keymgr_rollover(dns_kasp_t *kasp, dns_dnsseckeylist_t *keyring,
/* /*
* Only rollover for one key at a time. * Only rollover for one key at a time.
*/ */
return (ISC_R_FAILURE); return (DNS_R_TOOMANYKEYS);
} }
key = dkey; key = dkey;
} }
if (key == NULL) { if (key == NULL) {
return (ISC_R_NOTFOUND); return (DNS_R_NOKEYMATCH);
} }
result = dst_key_gettime(key->key, DST_TIME_ACTIVATE, &active); result = dst_key_gettime(key->key, DST_TIME_ACTIVATE, &active);
if (result != ISC_R_SUCCESS || active > now) { if (result != ISC_R_SUCCESS || active > now) {
return (ISC_R_UNEXPECTED); return (DNS_R_KEYNOTACTIVE);
} }
result = dst_key_gettime(key->key, DST_TIME_INACTIVE, &retire); result = dst_key_gettime(key->key, DST_TIME_INACTIVE, &retire);
...@@ -2218,7 +2218,7 @@ dns_keymgr_rollover(dns_kasp_t *kasp, dns_dnsseckeylist_t *keyring, ...@@ -2218,7 +2218,7 @@ dns_keymgr_rollover(dns_kasp_t *kasp, dns_dnsseckeylist_t *keyring,
} }
result = isc_dir_open(&dir, directory); result = isc_dir_open(&dir, directory);
if (result != ISC_R_SUCCESS) { if (result != ISC_R_SUCCESS) {
return result; return (result);
} }
dns_dnssec_get_hints(key, now); dns_dnssec_get_hints(key, now);
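Review bot: In `dns_keymgr_rollover`, `if (result != ISC_R_SUCCESS || active > now)` maps two different situations onto `DNS_R_KEYNOTACTIVE`: a key whose activation time lies in the future, and a key whose activation time could not be read at all. The operator sees "key is not actively signing" in both cases, and the original `dst_key_gettime` result is dropped. If that is intended, a comment above the check such as `/* A key without an activation time is treated as not active. */` would record the decision. Otherwise the lookup failure could be returned as its own result. The function body extends beyond these hunks, so later handling of `retire` is not visible here.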
......
...@@ -165,6 +165,10 @@ static const char *text[DNS_R_NRESULTS] = { ...@@ -165,6 +165,10 @@ static const char *text[DNS_R_NRESULTS] = {
"too many records", /*%< 117 DNS_R_TOOMANYRECORDS */ "too many records", /*%< 117 DNS_R_TOOMANYRECORDS */
"verify failure", /*%< 118 DNS_R_VERIFYFAILURE */ "verify failure", /*%< 118 DNS_R_VERIFYFAILURE */
"at top of zone", /*%< 119 DNS_R_ATZONETOP */ "at top of zone", /*%< 119 DNS_R_ATZONETOP */
"no matching key found", /*%< 120 DNS_R_NOKEYMATCH */
"too many keys matching", /*%< 121 DNS_R_TOOMANYKEYS */
"key is not actively signing", /*%< 122 DNS_R_KEYNOTACTIVE */
}; };
static const char *ids[DNS_R_NRESULTS] = { static const char *ids[DNS_R_NRESULTS] = {
...@@ -292,6 +296,9 @@ static const char *ids[DNS_R_NRESULTS] = { ...@@ -292,6 +296,9 @@ static const char *ids[DNS_R_NRESULTS] = {
"DNS_R_TOOMANYRECORDS", "DNS_R_TOOMANYRECORDS",
"DNS_R_VERIFYFAILURE", "DNS_R_VERIFYFAILURE",
"DNS_R_ATZONETOP", "DNS_R_ATZONETOP",
"DNS_R_NOKEYMATCH",
"DNS_R_TOOMANYKEYS",
"DNS_R_KEYNOTACTIVE",
}; };
static const char *rcode_text[DNS_R_NRCODERESULTS] = { static const char *rcode_text[DNS_R_NRCODERESULTS] = {
......