mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-09-02 07:35:26 +00:00
Code Issues Releases Wiki Activity

Add zone context to "generated salt" logs

Browse Source
This commit is contained in:
Matthijs Mekking
2020-11-04 16:30:19 +01:00
parent 7878f300ff
commit 3b4c764b43
2 changed files with 20 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
bin/named/server.c
View File

@@ -14369,6 +14369,7 @@ named_server_signing(named_server_t *server, isc_lex_t *lex,
bool list = false, clear = false; bool list = false, clear = false;
bool chain = false; bool chain = false;
bool setserial = false; bool setserial = false;
bool log_salt = false;
uint32_t serial = 0; uint32_t serial = 0;
char keystr[DNS_SECALG_FORMATSIZE + 7]; /* <5-digit keyid>/<alg> */ char keystr[DNS_SECALG_FORMATSIZE + 7]; /* <5-digit keyid>/<alg> */
unsigned short hash = 0, flags = 0, iter = 0, saltlen = 0; unsigned short hash = 0, flags = 0, iter = 0, saltlen = 0;
@@ -14452,10 +14453,7 @@ named_server_signing(named_server_t *server, isc_lex_t *lex,
*/ */
saltlen = 8; saltlen = 8;
CHECK(dns_nsec3_generate_salt(salt, saltlen)); CHECK(dns_nsec3_generate_salt(salt, saltlen));
dns_nsec3_log_salt( log_salt = true;
named_g_lctx, NAMED_LOGCATEGORY_GENERAL,
NAMED_LOGMODULE_SERVER, ISC_LOG_INFO,
salt, saltlen, "generated salt:");
} else if (strcmp(ptr, "-") != 0) { } else if (strcmp(ptr, "-") != 0) {
isc_buffer_t buf; isc_buffer_t buf;
@@ -14493,6 +14491,16 @@ named_server_signing(named_server_t *server, isc_lex_t *lex,
(void)putstr(text, "request queued"); (void)putstr(text, "request queued");
(void)putnull(text); (void)putnull(text);
} else if (chain) { } else if (chain) {
if (log_salt) {
char zonetext[DNS_NAME_MAXTEXT + 32];
dns_zone_name(zone, zonetext, sizeof(zonetext));
dns_nsec3_log_salt(
named_g_lctx, NAMED_LOGCATEGORY_GENERAL,
NAMED_LOGMODULE_SERVER, ISC_LOG_INFO, salt,
saltlen,
"generated salt for zone %s:", zonetext);
}
CHECK(dns_zone_setnsec3param(zone, (uint8_t)hash, CHECK(dns_zone_setnsec3param(zone, (uint8_t)hash,
(uint8_t)flags, iter, (uint8_t)flags, iter,
(uint8_t)saltlen, salt, true)); (uint8_t)saltlen, salt, true));

9
bin/named/zoneconf.c
View File

@@ -1573,6 +1573,11 @@ named_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
dns_kasp_nsec3saltlen(kasp), NULL); dns_kasp_nsec3saltlen(kasp), NULL);
if (result != ISC_R_SUCCESS) { if (result != ISC_R_SUCCESS) {
if (dns_kasp_nsec3saltlen(kasp) > 0) { if (dns_kasp_nsec3saltlen(kasp) > 0) {
char zonetext[DNS_NAME_MAXTEXT +
32];
dns_zone_name(zone, zonetext,
sizeof(zonetext));
RETERR(dns_nsec3_generate_salt( RETERR(dns_nsec3_generate_salt(
saltbuf, saltbuf,
dns_kasp_nsec3saltlen( dns_kasp_nsec3saltlen(
@@ -1586,7 +1591,9 @@ named_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
ISC_LOG_INFO, salt, ISC_LOG_INFO, salt,
dns_kasp_nsec3saltlen( dns_kasp_nsec3saltlen(
kasp), kasp),
"generated salt:"); "generated salt for "
"zone %s:",
zonetext);
} }
result = dns_zone_setnsec3param( result = dns_zone_setnsec3param(
zone, 1, zone, 1,