Commit d782fcc6 authored by Michał Kępień's avatar Michał Kępień

Do not call exit() upon verifynode() errors

Make verifynode() return the verification result through a separate
pointer, thus making it possible to signal errors using function
return value.  Replace all fatal() and check_result() calls inside
verifynode() with zoneverify_log_error() calls and error handling code.
Add a REQUIRE assertion to emphasize verifynode() may be called with
some of its arguments set to NULL.

Modify all call sites of verifynode() so that its errors are properly
handled.
parent 7a996f0c
......@@ -804,16 +804,22 @@ static isc_result_t
verifynode(vctx_t *vctx, dns_name_t *name, dns_dbnode_t *node,
isc_boolean_t delegation, dns_rdataset_t *keyrdataset,
dns_rdataset_t *nsecset, dns_rdataset_t *nsec3paramset,
dns_name_t *nextname)
dns_name_t *nextname, isc_result_t *vresult)
{
unsigned char types[8192];
unsigned int maxtype = 0;
dns_rdataset_t rdataset; dns_rdatasetiter_t *rdsiter = NULL;
isc_result_t result, tresult;
REQUIRE(vresult != NULL || (nsecset == NULL && nsec3paramset == NULL));
memset(types, 0, sizeof(types));
result = dns_db_allrdatasets(vctx->db, node, vctx->ver, 0, &rdsiter);
check_result(result, "dns_db_allrdatasets()");
if (result != ISC_R_SUCCESS) {
zoneverify_log_error(vctx, "dns_db_allrdatasets(): %s",
isc_result_totext(result));
return (result);
}
result = dns_rdatasetiter_first(rdsiter);
dns_rdataset_init(&rdataset);
while (result == ISC_R_SUCCESS) {
......@@ -843,23 +849,32 @@ verifynode(vctx_t *vctx, dns_name_t *name, dns_dbnode_t *node,
dns_rdataset_disassociate(&rdataset);
result = dns_rdatasetiter_next(rdsiter);
}
if (result != ISC_R_NOMORE)
fatal("rdataset iteration failed: %s",
isc_result_totext(result));
dns_rdatasetiter_destroy(&rdsiter);
if (result != ISC_R_NOMORE) {
zoneverify_log_error(vctx, "rdataset iteration failed: %s",
isc_result_totext(result));
return (result);
}
result = ISC_R_SUCCESS;
if (vresult == NULL) {
return (ISC_R_SUCCESS);
}
*vresult = ISC_R_SUCCESS;
if (nsecset != NULL && dns_rdataset_isassociated(nsecset))
result = verifynsec(vctx, name, node, nextname);
if (nsecset != NULL && dns_rdataset_isassociated(nsecset)) {
*vresult = verifynsec(vctx, name, node, nextname);
}
if (nsec3paramset != NULL && dns_rdataset_isassociated(nsec3paramset)) {
tresult = verifynsec3s(vctx, name, nsec3paramset, delegation,
ISC_FALSE, types, maxtype);
if (result == ISC_R_SUCCESS && tresult != ISC_R_SUCCESS)
result = tresult;
if (*vresult == ISC_R_SUCCESS) {
*vresult = tresult;
}
}
return (result);
return (ISC_R_SUCCESS);
}
static isc_result_t
......@@ -1436,6 +1451,7 @@ verify_nodes(vctx_t *vctx, isc_result_t *vresult) {
dns_dbnode_t *node = NULL, *nextnode;
dns_dbiterator_t *dbiter = NULL;
isc_boolean_t done = ISC_FALSE;
isc_result_t tvresult;
isc_result_t result;
name = dns_fixedname_initname(&fname);
......@@ -1552,11 +1568,16 @@ verify_nodes(vctx_t *vctx, isc_result_t *vresult) {
}
result = verifynode(vctx, name, node, isdelegation,
&vctx->keyset, &vctx->nsecset,
&vctx->nsec3paramset, nextname);
&vctx->nsec3paramset, nextname, &tvresult);
if (result != ISC_R_SUCCESS) {
dns_db_detachnode(vctx->db, &node);
goto done;
}
if (*vresult == ISC_R_UNSET)
*vresult = ISC_R_SUCCESS;
if (*vresult == ISC_R_SUCCESS && result != ISC_R_SUCCESS)
*vresult = result;
if (*vresult == ISC_R_SUCCESS) {
*vresult = tvresult;
}
if (prevname != NULL) {
result = verifyemptynodes(vctx, name, prevname,
isdelegation,
......@@ -1589,7 +1610,7 @@ verify_nodes(vctx_t *vctx, isc_result_t *vresult) {
goto done;
}
result = verifynode(vctx, name, node, ISC_FALSE, &vctx->keyset,
NULL, NULL, NULL);
NULL, NULL, NULL, NULL);
if (result != ISC_R_SUCCESS) {
zoneverify_log_error(vctx, "verifynode: %s",
isc_result_totext(result));
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment