From 6a285c816d1c5f82afbcc92f7f5928ce8e9f9ffa Mon Sep 17 00:00:00 2001 From: Brian Wellington Date: Tue, 16 May 2000 18:41:00 +0000 Subject: [PATCH] better error reporting and miscellaneous cleanup --- bin/dnssec/dnssec-keygen.c | 189 +++++++++++++++++++-------------- bin/dnssec/dnssec-makekeyset.c | 37 +++++-- bin/dnssec/dnssec-signkey.c | 98 +++++++++++++---- bin/dnssec/dnssec-signzone.c | 153 ++++++++++++++++---------- bin/tests/keygen.c | 189 +++++++++++++++++++-------------- bin/tests/keysettool.c | 37 +++++-- bin/tests/keysigner.c | 98 +++++++++++++---- bin/tests/signer.c | 153 ++++++++++++++++---------- 8 files changed, 632 insertions(+), 322 deletions(-) diff --git a/bin/dnssec/dnssec-keygen.c b/bin/dnssec/dnssec-keygen.c index 3661debaa9..bd298f4d76 100644 --- a/bin/dnssec/dnssec-keygen.c +++ b/bin/dnssec/dnssec-keygen.c @@ -15,7 +15,7 @@ * WITH THE USE OR PERFORMANCE OF THE SOFTWARE. */ -/* $Id: dnssec-keygen.c,v 1.18 2000/05/15 21:06:41 bwelling Exp $ */ +/* $Id: dnssec-keygen.c,v 1.19 2000/05/16 18:40:57 bwelling Exp $ */ #include 
@@ -33,12 +33,81 @@ #include #include -static isc_boolean_t dsa_size_ok(int size); -static void die(char *str); -static void usage(char *prog); +#define PROGRAM "keygen" + +#define MAX_RSA 2048 /* XXX ogud update this when rsa library is updated */ static int verbose; -#define MAX_RSA 2048 /* XXX ogud update this when rsa library is updated */ + +static inline void +fatal(char *format, ...) { + va_list args; + + fprintf(stderr, "%s: ", PROGRAM); + va_start(args, format); + vfprintf(stderr, format, args); + va_end(args); + fprintf(stderr, "\n"); + exit(1); +} + +static inline void +check_result(isc_result_t result, char *message) { + if (result != ISC_R_SUCCESS) { + fprintf(stderr, "%s: %s: %s\n", PROGRAM, message, + isc_result_totext(result)); + exit(1); + } +} + +/* Not thread-safe! */ +static char * +algtostr(const dns_secalg_t alg) { + isc_buffer_t b; + isc_region_t r; + isc_result_t result; + static char data[10]; + + isc_buffer_init(&b, data, sizeof(data)); + result = dns_secalg_totext(alg, &b); + check_result(result, "dns_secalg_totext()"); + isc_buffer_usedregion(&b, &r); + r.base[r.length] = 0; + return (char *) r.base; +} + +static isc_boolean_t +dsa_size_ok(int size) { + return (ISC_TF(size >= 512 && size <= 1024 && size % 64 == 0)); +} + +static void +usage(char *prog) { + printf("Usage:\n"); + printf(" %s [options] name\n\n", prog); + printf("Required options:\n"); + printf(" -a algorithm: RSA | RSAMD5 | DH | DSA | HMAC-MD5\n"); + printf(" -b key size, in bits:\n"); + printf(" RSA:\t\t[512..%d]\n", MAX_RSA); + printf(" DH:\t\t[128..4096]\n"); + printf(" DSA:\t\t[512..1024] and dividable by 64\n"); + printf(" HMAC-MD5:\t[1..512]\n"); + printf(" -n nametype: ZONE | HOST | ENTITY | USER\n"); + printf(" name: owner of the key\n"); + printf("Other options:\n"); + printf(" -e use large exponent (RSA only)\n"); + printf(" -g use specified generator (DH only)\n"); + printf(" -t type: AUTHCONF | NOAUTHCONF | NOAUTH | NOCONF\n"); + printf(" default: AUTHCONF\n"); 
+ printf(" -p protocol value\n"); + printf(" default: 2 (email) for User keys, " + "3 (dnssec) for all others\n"); + printf(" -s strength value this key signs DNS records with\n"); + printf(" default: 0\n"); + printf(" -v verbose level\n"); + + exit (-1); +} int main(int argc, char **argv) { @@ -64,7 +133,7 @@ main(int argc, char **argv) { else prog = isc_mem_strdup(mctx, ++prog); if (prog == NULL) - die("strdup failure"); + fatal("out of memory"); if (argc == 1) usage(prog); @@ -77,12 +146,12 @@ main(int argc, char **argv) { algname = isc_mem_strdup(mctx, isc_commandline_argument); if (algname == NULL) - die("strdup failure"); + fatal("out of memory"); break; case 'b': size = strtol(isc_commandline_argument, &endp, 10); if (*endp != '\0' || size < 0) - die("-b requires a non-negative number"); + fatal("-b requires a non-negative number"); break; case 'e': rsa_exp = 1; 
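Review bot: The new variadic `fatal(char *format, ...)` carries no printf-format annotation, so the compiler cannot check the `%s`/`%d` arguments that the rest of this commit now passes to it; declaring it `static inline void fatal(char *format, ...) __attribute__((format(printf, 1, 2)));` (or the project's equivalent wrapper macro, if one exists) would catch the argument-order mistakes that appear later in this series. The same `fatal` is introduced in dnssec-signkey.c (@@ -52) and dnssec-signzone.c (@@ -72). Separately, `algtostr` initialises its buffer with the full `sizeof(data)` and then writes `r.base[r.length] = 0`, which lands one byte past `data` if dns_secalg_totext fills the buffer; `isc_buffer_init(&b, data, sizeof(data) - 1);` reserves the terminator, as dnssec-signkey.c already does for `tdomain`. The same pattern is in `nametostr`/`algtostr` in dnssec-makekeyset.c (@@ -78), dnssec-signkey.c (@@ -66) and dnssec-signzone.c (@@ -102, -116, -130).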
@@ -90,36 +159,37 @@ main(int argc, char **argv) { case 'g': generator = strtol(isc_commandline_argument, &endp, 10); if (*endp != '\0' || generator <= 0) - die("-g requires a positive number"); + fatal("-g requires a positive number"); break; case 'n': nametype = isc_mem_strdup(mctx, isc_commandline_argument); if (nametype == NULL) - die("strdup failure"); + fatal("out of memory"); break; case 't': type = isc_mem_strdup(mctx, isc_commandline_argument); if (type == NULL) - die("strdup failure"); + fatal("out of memory"); break; case 'p': protocol = strtol(isc_commandline_argument, &endp, 10); if (*endp != '\0' || protocol < 0 || protocol > 255) - die("-p must be followed by " - "a number [0..255]"); + fatal("-p must be followed by a number " + "[0..255]"); break; case 's': signatory = strtol(isc_commandline_argument, &endp, 10); if (*endp != '\0' || signatory < 0 || signatory > 15) - die("-s must be followed by a number [0..15]"); + fatal("-s must be followed by a number " + "[0..15]"); break; case 'v': endp = NULL; verbose = strtol(isc_commandline_argument, &endp, 0); if (*endp != '\0') - die("-v must be followed by a number"); + fatal("-v must be followed by a number"); break; case 'h': @@ -131,12 +201,12 @@ main(int argc, char **argv) { } if (argc < isc_commandline_index + 1) - die("Must specify a domain name"); + fatal("the key name was not specified"); if (argc > isc_commandline_index + 1) - die("Extraneous arguments"); + fatal("extraneous arguments"); if (algname == NULL) - die("No algorithm specified"); + fatal("no algorithm was specified"); if (strcasecmp(algname, "RSA") == 0) alg = DNS_KEYALG_RSA; else if (strcasecmp(algname, "HMAC-MD5") == 0) 
@@ -146,10 +216,10 @@ main(int argc, char **argv) { r.length = strlen(algname); ret = dns_secalg_fromtext(&alg, &r); if (ret != ISC_R_SUCCESS) - die("Unknown algorithm"); + fatal("unknown algorithm %s", algname); } if (dst_supported_algorithm(alg) == ISC_FALSE) - die("Unsupported algorithm"); + fatal("unsupported algorithm %s", algname); if (type != NULL) { if (strcasecmp(type, "NOAUTH") == 0) @@ -164,39 +234,39 @@ main(int argc, char **argv) { else if (strcasecmp(type, "AUTHCONF") == 0) /* nothing */; else - die("Invalid type"); + fatal("invalid type %s", type); } if (size < 0) - die("Must specify key size (-b option)"); + fatal("key size not specified (-b option)"); switch (alg) { case DNS_KEYALG_RSA: if (size != 0 && (size < 512 || size > MAX_RSA)) - die("RSA key size out of range"); + fatal("RSA key size %d out of range", size); break; case DNS_KEYALG_DH: if (size != 0 && (size < 128 || size > 4096)) - die("DH key size out of range"); + fatal("DH key size %d out of range", size); break; case DNS_KEYALG_DSA: if (size != 0 && !dsa_size_ok(size)) - die("Invalid DSS key size"); + fatal("Invalid DSS key size: %d", size); break; case DST_ALG_HMACMD5: if (size < 1 || size > 512) - die("Invalid HMAC-MD5 key size"); + fatal("HMAC-MD5 key size %d out of range", size); break; } if (alg != DNS_KEYALG_RSA && rsa_exp != 0) - die("Cannot specify RSA exponent without RSA"); + fatal("specified RSA exponent without RSA"); if (alg != DNS_KEYALG_DH && generator != 0) - die("Cannot specify DH generator without DH"); + fatal("specified DH generator without DH"); if (nametype == NULL) - die("No nametype specified"); + fatal("no nametype specified"); if (strcasecmp(nametype, "zone") == 0) flags |= DNS_KEYOWNER_ZONE; else if (strcasecmp(nametype, "host") == 0 || @@ -205,7 +275,7 @@ main(int argc, char **argv) { else if (strcasecmp(nametype, "user") == 0) flags |= DNS_KEYOWNER_USER; else - die("Invalid nametype"); + fatal("invalid nametype %s", nametype); flags |= signatory; 
@@ -218,14 +288,14 @@ main(int argc, char **argv) { if ((flags & DNS_KEYFLAG_TYPEMASK) == DNS_KEYTYPE_NOKEY) { if (size > 0) - die("Specified null key with non-zero size"); + fatal("Specified null key with non-zero size"); if ((flags & DNS_KEYFLAG_SIGNATORYMASK) != 0) - die("Specified null key with signing authority"); + fatal("Specified null key with signing authority"); } name = isc_mem_allocate(mctx, strlen(argv[isc_commandline_index]) + 2); if (name == NULL) - die("strdup failure"); + fatal("out of memory"); strcpy(name, argv[isc_commandline_index]); if (name[strlen(name) - 1] != '.') { strcat(name, "."); @@ -262,7 +332,7 @@ main(int argc, char **argv) { mctx, &key); if (ret != ISC_R_SUCCESS) { - fprintf(stderr, "keygen: failed to generate key: %s\n", + fatal("failed to generate key %s/%d: %s\n", name, alg, dst_result_totext(ret)); exit(-1); } @@ -288,15 +358,13 @@ main(int argc, char **argv) { } while (conflict == ISC_TRUE); if (conflict) - die("Attempting to generate a null key when a key with id 0 " - "already exists\n"); + fatal("cannot generate a null key when a key with id 0 " + "already exists"); ret = dst_key_tofile(key, DST_TYPE_PUBLIC | DST_TYPE_PRIVATE); - if (ret != ISC_R_SUCCESS) { - fprintf(stderr, "keygen: failed to write key %s(%d)\n", name, - dst_key_id(key)); - exit(-1); - } + if (ret != ISC_R_SUCCESS) + fatal("failed to write key %s/%s/%d: %s\n", name, + dst_key_id(key), algtostr(alg), isc_result_totext(ret)); isc_buffer_clear(&buf); ret = dst_key_buildfilename(key, 0, &buf); 
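Review bot: In the @@ -288 hunk the arguments of the new write-failure `fatal` call do not match its format: `%s/%s/%d` is fed `name, dst_key_id(key), algtostr(alg)`, so the key id (an integer) is printed through `%s` and the algorithm string through `%d`, which is undefined behaviour and will typically crash inside the error path itself; the call should read `fatal("failed to write key %s/%s/%d: %s", name, algtostr(alg), dst_key_id(key), isc_result_totext(ret));`. Both `fatal` calls in these hunks also end their format in `\n` although `fatal` now appends its own newline, and the `exit(-1);` left after the generation-failure `fatal` in @@ -262 is unreachable and can be dropped. The same `id`/`algtostr` swap is present in dnssec-makekeyset.c (@@ -304 and @@ -323), where `id` was formatted with `%d` before this change.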
@@ -313,42 +381,3 @@ main(int argc, char **argv) { return (0); } - -static isc_boolean_t -dsa_size_ok(int size) { - return (ISC_TF(size >= 512 && size <= 1024 && size % 64 == 0)); -} - -static void -die(char *str) { - fprintf(stderr, "keygen: %s\n", str); - exit(-1); -} - -static void -usage(char *prog) { - printf("Usage:\n"); - printf(" %s [options] name\n\n", prog); - printf("Required options:\n"); - printf(" -a algorithm: RSA | RSAMD5 | DH | DSA | HMAC-MD5\n"); - printf(" -b key size, in bits:\n"); - printf(" RSA:\t\t[512..%d]\n", MAX_RSA); - printf(" DH:\t\t[128..4096]\n"); - printf(" DSA:\t\t[512..1024] and dividable by 64\n"); - printf(" HMAC-MD5:\t[1..512]\n"); - printf(" -n nametype: ZONE | HOST | ENTITY | USER\n"); - printf(" name: owner of the key\n"); - printf("Other options:\n"); - printf(" -e use large exponent (RSA only)\n"); - printf(" -g use specified generator (DH only)\n"); - printf(" -t type: AUTHCONF | NOAUTHCONF | NOAUTH | NOCONF\n"); - printf(" default: AUTHCONF\n"); - printf(" -p protocol value\n"); - printf(" default: 2 (email) for User keys, " - "3 (dnssec) for all others\n"); - printf(" -s strength value this key signs DNS records with\n"); - printf(" default: 0\n"); - printf(" -v verbose level\n"); - - exit (-1); -} diff --git a/bin/dnssec/dnssec-makekeyset.c b/bin/dnssec/dnssec-makekeyset.c index 489f004123..0fc1133a09 100644 --- a/bin/dnssec/dnssec-makekeyset.c +++ b/bin/dnssec/dnssec-makekeyset.c @@ -32,6 +32,7 @@ #include #include #include +#include #include #define PROGRAM "keysettool" 
@@ -78,10 +79,28 @@ static char * nametostr(dns_name_t *name) { isc_buffer_t b; isc_region_t r; + isc_result_t result; static char data[1025]; isc_buffer_init(&b, data, sizeof(data)); - dns_name_totext(name, ISC_FALSE, &b); + result = dns_name_totext(name, ISC_FALSE, &b); + check_result(result, "dns_name_totext()"); + isc_buffer_usedregion(&b, &r); + r.base[r.length] = 0; + return (char *) r.base; +} + +/* Not thread-safe! */ +static char * +algtostr(const dns_secalg_t alg) { + isc_buffer_t b; + isc_region_t r; + isc_result_t result; + static char data[10]; + + isc_buffer_init(&b, data, sizeof(data)); + result = dns_secalg_totext(alg, &b); + check_result(result, "dns_secalg_totext()"); isc_buffer_usedregion(&b, &r); r.base[r.length] = 0; return (char *) r.base; @@ -104,7 +123,8 @@ strtotime(char *str, isc_int64_t now, isc_int64_t base) { } else { result = dns_time64_fromtext(str, &val); - fatal("time %s must be numeric", str); + if (result != ISC_R_SUCCESS) + fatal("time %s must be numeric", str); } if (*endp != '\0') fatal("time value %s is invalid", str); @@ -304,8 +324,8 @@ main(int argc, char *argv[]) { &zonekey); if (result != ISC_R_SUCCESS) - fatal("failed to read key %s/%d/%d: %s", - namestr, id, alg, + fatal("failed to read key %s/%s/%d: %s", + namestr, id, algtostr(alg), isc_result_totext(result)); keynode = isc_mem_get(mctx, sizeof (keynode_t)); if (keynode == NULL) @@ -323,8 +343,9 @@ main(int argc, char *argv[]) { isc_buffer_init(&b, data, BUFSIZE); result = dst_key_todns(key, &b); if (result != ISC_R_SUCCESS) - fatal("failed to convert key %s/%d/%d to a DNS KEY: %s", - namestr, id, alg, isc_result_totext(result)); + fatal("failed to convert key %s/%s/%d to a DNS KEY: %s", + namestr, id, algtostr(alg), + isc_result_totext(result)); isc_buffer_usedregion(&b, &r); dns_rdata_fromregion(rdata, dns_rdataclass_in, dns_rdatatype_key, &r); 
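Review bot: The `if (*endp != '\0')` test after the `else` branch of strtotime (@@ -104) is now reachable when dns_time64_fromtext succeeds, but that branch never sets `endp`; unless the function's prologue, which is outside this hunk, initialises it, the absolute-time path dereferences an indeterminate pointer. Either point `endp` at the string's terminator before the branch (`endp = str + strlen(str);` in the `else` arm) or keep the `*endp` check inside the strtol branches only. dnssec-signzone.c (@@ -1229) has the same structure.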
@@ -364,10 +385,10 @@ main(int argc, char *argv[]) { &starttime, &endtime, mctx, &b, rdata); if (result != ISC_R_SUCCESS) - fatal("failed to sign keyset with key %s/%d/%d: %s", + fatal("failed to sign keyset with key %s/%s/%d: %s", dst_key_name(keynode->key), + algtostr(dst_key_alg(keynode->key)), dst_key_id(keynode->key), - dst_key_alg(keynode->key), isc_result_totext(result)); ISC_LIST_APPEND(sigrdatalist.rdata, rdata, link); dns_rdataset_init(&sigrdataset); diff --git a/bin/dnssec/dnssec-signkey.c b/bin/dnssec/dnssec-signkey.c index 08fafc60b6..1db76670ea 100644 --- a/bin/dnssec/dnssec-signkey.c +++ b/bin/dnssec/dnssec-signkey.c @@ -32,6 +32,7 @@ #include #include #include +#include #define PROGRAM "keysigner" @@ -52,8 +53,14 @@ static isc_mem_t *mctx = NULL; static keylist_t keylist; static inline void -fatal(char *message) { - fprintf(stderr, "%s: %s\n", PROGRAM, message); +fatal(char *format, ...) { + va_list args; + + fprintf(stderr, "%s: ", PROGRAM); + va_start(args, format); + vfprintf(stderr, format, args); + va_end(args); + fprintf(stderr, "\n"); exit(1); } @@ -66,6 +73,39 @@ check_result(isc_result_t result, char *message) { } } +/* Not thread-safe! */ +static char * +nametostr(dns_name_t *name) { + isc_buffer_t b; + isc_region_t r; + isc_result_t result; + static char data[1025]; + + isc_buffer_init(&b, data, sizeof(data)); + result = dns_name_totext(name, ISC_FALSE, &b); + check_result(result, "dns_name_totext()"); + isc_buffer_usedregion(&b, &r); + r.base[r.length] = 0; + return (char *) r.base; +} + +/* Not thread-safe! */ +static char * +algtostr(const dns_secalg_t alg) { + isc_buffer_t b; + isc_region_t r; + isc_result_t result; + static char data[10]; + + isc_buffer_init(&b, data, sizeof(data)); + result = dns_secalg_totext(alg, &b); + check_result(result, "dns_secalg_totext()"); + isc_buffer_usedregion(&b, &r); + r.base[r.length] = 0; + return (char *) r.base; +} + + static void usage() { fprintf(stderr, "Usage:\n"); 
@@ -106,15 +146,14 @@ loadkeys(dns_name_t *name, dns_rdataset_t *rdataset) { continue; keynode = isc_mem_get(mctx, sizeof (keynode_t)); if (keynode == NULL) - check_result(ISC_R_NOMEMORY, "isc_mem_get()"); + fatal("out of memory"); keynode->key = key; keynode->verified = ISC_FALSE; ISC_LINK_INIT(keynode, link); ISC_LIST_APPEND(keylist, keynode, link); } - if (result == ISC_R_NOMORE) - result = ISC_R_SUCCESS; - check_result(result, "loadkeys()"); + if (result != ISC_R_NOMORE) + fatal("failure traversing key list"); } static dst_key_t * @@ -170,7 +209,7 @@ main(int argc, char *argv[]) { endp = NULL; verbose = strtol(isc_commandline_argument, &endp, 0); if (*endp != '\0') - check_result(ISC_R_FAILURE, "strtol()"); + fatal("verbose level must be numeric"); break; default: @@ -206,7 +245,8 @@ main(int argc, char *argv[]) { isc_buffer_init(&b, argv[0], strlen(argv[0]) - 7); isc_buffer_add(&b, strlen(argv[0]) - 7); result = dns_name_fromtext(domain, &b, dns_rootname, ISC_FALSE, NULL); - check_result(result, "dns_name_fromtext()"); + if (result != ISC_R_SUCCESS) + fatal("'%s' does not contain a valid domain name", argv[0]); isc_buffer_init(&b, tdomain, sizeof(tdomain) - 1); result = dns_name_totext(domain, ISC_FALSE, &b); check_result(result, "dns_name_totext()"); @@ -216,7 +256,7 @@ main(int argc, char *argv[]) { output = isc_mem_allocate(mctx, strlen(tdomain) + strlen("signedkey") + 1); if (output == NULL) - check_result(ISC_R_FAILURE, "isc_mem_allocate()"); + fatal("out of memory"); strcpy(output, tdomain); strcat(output, "signedkey"); 
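Review bot: `fatal("failure traversing key list");` in loadkeys discards the `result` that every other new message in this commit reports, so a failed KEY iteration gives the operator nothing to act on; `fatal("failure traversing key list: %s", isc_result_totext(result));` keeps the diagnosis consistent with the rest of the change. The enclosing loadkeys begins before this hunk.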
@@ -226,33 +266,45 @@ main(int argc, char *argv[]) { check_result(result, "dns_db_create()"); result = dns_db_load(db, argv[0]); - check_result(result, "dns_db_load()"); + if (result != ISC_R_SUCCESS) + fatal("failed to load database from '%s': %s", argv[0], + isc_result_totext(result)); version = NULL; dns_db_newversion(db, &version); node = NULL; result = dns_db_findnode(db, domain, ISC_FALSE, &node); - check_result(result, "dns_db_findnode()"); + if (result != ISC_R_SUCCESS) + fatal("failed to find database node '%s': %s", + nametostr(domain), isc_result_totext(result)); dns_rdataset_init(&rdataset); dns_rdataset_init(&sigrdataset); result = dns_db_findrdataset(db, node, version, dns_rdatatype_key, 0, 0, &rdataset, &sigrdataset); - check_result(result, "dns_db_findrdataset()"); + if (result != ISC_R_SUCCESS) + fatal("failed to find rdataset '%s KEY': %s", + nametostr(domain), isc_result_totext(result)); loadkeys(domain, &rdataset); + if (!dns_rdataset_isassociated(&sigrdataset)) + fatal("no SIG KEY set present"); + result = dns_rdataset_first(&sigrdataset); check_result(result, "dns_rdataset_first()"); do { dns_rdataset_current(&sigrdataset, &sigrdata); result = dns_rdata_tostruct(&sigrdata, &sig, mctx); - check_result(result, "dns_rdata_tostruct"); + check_result(result, "dns_rdata_tostruct()"); key = findkey(&sig); result = dns_dnssec_verify(domain, &rdataset, key, ISC_TRUE, mctx, &sigrdata); - check_result(result, "dns_dnssec_verify"); + if (result != ISC_R_SUCCESS) + fatal("signature by key '%s/%s/%d' did not verify: %s", + dst_key_name(key), algtostr(dst_key_alg(key)), + dst_key_id(key), isc_result_totext(result)); dns_rdata_freestruct(&sig); result = dns_rdataset_next(&sigrdataset); } while (result == ISC_R_SUCCESS); 
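Review bot: `key = findkey(&sig);` feeds `key` straight into dns_dnssec_verify and, on failure, into `dst_key_name(key)` in the new `fatal` call; if findkey can return NULL for a SIG whose signer is not in the KEY set (its body lies outside this hunk), the failure message dereferences NULL instead of naming the missing key. A guard before the verify, `if (key == NULL) fatal("no KEY found for SIG with id %d, algorithm %s", sig.keyid, algtostr(sig.algorithm));`, would turn that case into a clean error. The enclosing main continues outside the hunk.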
@@ -295,20 +347,26 @@ main(int argc, char *argv[]) { key = NULL; result = dst_key_fromfile(namestr, id, alg, DST_TYPE_PRIVATE, mctx, &key); - check_result (result, "dst_key_fromfile()"); + if (result != ISC_R_SUCCESS) + fatal("failed to read key %s/%s/%d from disk: %s", + dst_key_name(key), algtostr(dst_key_alg(key)), + dst_key_id(key), isc_result_totext(result)); isc_mem_put(mctx, namestr, strlen(namestr) + 1); rdata = isc_mem_get(mctx, sizeof(dns_rdata_t)); if (rdata == NULL) - check_result(ISC_R_NOMEMORY, "isc_mem_get()"); + fatal("out of memory"); data = isc_mem_get(mctx, BUFSIZE); if (data == NULL) - check_result(ISC_R_NOMEMORY, "isc_mem_get()"); + fatal("out of memory"); isc_buffer_init(&b, data, BUFSIZE); result = dns_dnssec_sign(domain, &rdataset, key, &sig.timesigned, &sig.timeexpire, mctx, &b, rdata); - check_result (result, "dns_dnssec_sign()"); + if (result != ISC_R_SUCCESS) + fatal("key '%s/%s/%d' failed to sign data: %s", + dst_key_name(key), algtostr(dst_key_alg(key)), + dst_key_id(key), isc_result_totext(result)); ISC_LIST_APPEND(sigrdatalist.rdata, rdata, link); dst_key_free(key); } @@ -323,7 +381,9 @@ main(int argc, char *argv[]) { dns_db_detachnode(db, &node); dns_db_closeversion(db, &version, ISC_TRUE); result = dns_db_dump(db, version, output); - check_result(result, "dns_db_dump()"); + if (result != ISC_R_SUCCESS) + fatal("failed to write database to '%s': %s", + output, isc_result_totext(result)); dns_rdataset_disassociate(&rdataset); dns_rdataset_disassociate(&newsigrdataset); diff --git a/bin/dnssec/dnssec-signzone.c b/bin/dnssec/dnssec-signzone.c index 190c1d3d94..9f3f600341 100644 --- a/bin/dnssec/dnssec-signzone.c +++ b/bin/dnssec/dnssec-signzone.c 
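Review bot: When `dst_key_fromfile` fails, `key` is still the NULL it was set to on the line above, yet the new `fatal` formats `dst_key_name(key)`, `dst_key_alg(key)` and `dst_key_id(key)`, so the error path dereferences a null pointer before printing anything. The values that identify the key are already in hand: `fatal("failed to read key %s/%s/%d from disk: %s", namestr, algtostr(alg), id, isc_result_totext(result));` — dnssec-signzone.c (@@ -1508) already does it that way. The enclosing main continues outside the hunk.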
@@ -72,8 +72,14 @@ static isc_boolean_t tryverify = ISC_FALSE; static isc_mem_t *mctx = NULL; static inline void -fatal(char *message) { - fprintf(stderr, "%s: %s\n", PROGRAM, message); +fatal(char *format, ...) { + va_list args; + + fprintf(stderr, "%s: ", PROGRAM); + va_start(args, format); + vfprintf(stderr, format, args); + va_end(args); + fprintf(stderr, "\n"); exit(1); } @@ -102,10 +108,12 @@ static char * nametostr(dns_name_t *name) { isc_buffer_t b; isc_region_t r; + isc_result_t result; static char data[1025]; isc_buffer_init(&b, data, sizeof(data)); - dns_name_totext(name, ISC_FALSE, &b); + result = dns_name_totext(name, ISC_FALSE, &b); + check_result(result, "dns_name_totext()"); isc_buffer_usedregion(&b, &r); r.base[r.length] = 0; return (char *) r.base; @@ -116,10 +124,12 @@ static char * typetostr(const dns_rdatatype_t type) { isc_buffer_t b; isc_region_t r; + isc_result_t result; static char data[10]; isc_buffer_init(&b, data, sizeof(data)); - dns_rdatatype_totext(type, &b); + result = dns_rdatatype_totext(type, &b); + check_result(result, "dns_rdatatype_totext()"); isc_buffer_usedregion(&b, &r); r.base[r.length] = 0; return (char *) r.base; @@ -130,10 +140,12 @@ static char * algtostr(const dns_secalg_t alg) { isc_buffer_t b; isc_region_t r; + isc_result_t result; static char data[10]; isc_buffer_init(&b, data, sizeof(data)); - dns_secalg_totext(alg, &b); + result = dns_secalg_totext(alg, &b); + check_result(result, "dns_secalg_totext()"); isc_buffer_usedregion(&b, &r); r.base[r.length] = 0; return (char *) r.base; 
@@ -162,7 +174,10 @@ signwithkey(dns_name_t *name, dns_rdataset_t *rdataset, dns_rdata_t *rdata, dns_rdata_init(rdata); result = dns_dnssec_sign(name, rdataset, key, &starttime, &endtime, mctx, b, rdata); - check_result(result, "dns_dnssec_sign()"); + if (result != ISC_R_SUCCESS) + fatal("key '%s/%s/%d' failed to sign data: %s", + dst_key_name(key), algtostr(dst_key_alg(key)), + dst_key_id(key), isc_result_totext(result)); if (tryverify) { result = dns_dnssec_verify(name, rdataset, key, @@ -223,7 +238,7 @@ keythatsigned(dns_rdata_sig_t *sig) { key = isc_mem_get(mctx, sizeof(signer_key_t)); if (key == NULL) - check_result(ISC_R_FAILURE, "isc_mem_get"); + fatal("out of memory"); result = dst_key_fromfile(keyname, sig->keyid, sig->algorithm, DST_TYPE_PRIVATE, mctx, &privkey); @@ -262,7 +277,8 @@ expecttofindkey(dns_name_t *name, dns_db_t *db, dns_dbversion_t *version) { case DNS_R_DNAME: return ISC_FALSE; default: - check_result(result, "dns_db_find"); + fatal("failure looking for '%s KEY' in database: %s", + nametostr(name), isc_result_totext(result)); return ISC_FALSE; /* removes a warning */ } } @@ -282,7 +298,7 @@ setverifies(dns_name_t *name, dns_rdataset_t *set, signer_key_t *key, tdata = isc_mem_get(mctx, sizeof(signer_array_t)); \ ISC_LIST_APPEND(arraylist, tdata, link); \ if (trdata == NULL || tdata == NULL) \ - check_result(ISC_R_FAILURE, "isc_mem_get"); \ + fatal("out of memory"); \ isc_buffer_init(&b, tdata->array, sizeof(tdata->array)); /* @@ -320,7 +336,10 @@ signset(dns_db_t *db, dns_dbversion_t *version, dns_dbnode_t *node, result = ISC_R_SUCCESS; nosigs = ISC_TRUE; } - check_result(result, "dns_db_findrdataset()"); + if (result != ISC_R_SUCCESS) + fatal("failed while looking for '%s SIG %s': %s", + nametostr(name), typetostr(set->type), + isc_result_totext(result)); vbprintf(1, "%s/%s:\n", nametostr(name), typetostr(set->type)); 
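Review bot: In the setverifies helper macro (@@ -282) the out-of-memory check now calls `fatal`, but it still sits after `ISC_LIST_APPEND(arraylist, tdata, link)`, which initialises the element's link fields through `tdata` before the NULL test runs, so an allocation failure crashes rather than exiting cleanly. Moving `if (trdata == NULL || tdata == NULL) fatal("out of memory");` directly after the two isc_mem_get calls, before either pointer is used, closes that window. The macro begins before this hunk.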
@@ -551,7 +570,8 @@ hasnullkey(dns_rdataset_t *rdataset) { dns_rdataset_current(rdataset, &rdata); result = dns_dnssec_keyfromrdata(dns_rootname, &rdata, mctx, &key); - check_result(result, "dns_dnssec_keyfromrdata()"); + if (result != ISC_R_SUCCESS) + fatal("could not convert KEY into internal format"); if (dst_key_isnullkey(key)) found = ISC_TRUE; dst_key_free(key); @@ -560,7 +580,7 @@ hasnullkey(dns_rdataset_t *rdataset) { result = dns_rdataset_next(rdataset); } if (result != ISC_R_NOMORE) - check_result(result, "iteration over keys"); + fatal("failure looking for null keys"); return (ISC_FALSE); } #endif @@ -610,11 +630,11 @@ importparentsig(dns_db_t *db, dns_dbversion_t *version, dns_dbnode_t *node, dns_rdata_init(&newrdata); result = dns_rdataset_first(set); - check_result(result, "dns_rdata_first()"); + check_result(result, "dns_rdataset_first()"); for (; result == ISC_R_SUCCESS; result = dns_rdataset_next(set)) { dns_rdataset_current(set, &rdata); result = dns_rdataset_first(&newset); - check_result(result, "dns_rdata_first()"); + check_result(result, "dns_rdataset_first()"); for (; result == ISC_R_SUCCESS; result = dns_rdataset_next(&newset)) @@ -850,7 +870,10 @@ signname(dns_db_t *db, dns_dbversion_t *version, dns_dbnode_t *node, if (result == ISC_R_NOTFOUND) result = ISC_R_SUCCESS; - check_result(result, "dns_db_findrdataset"); + if (result != ISC_R_SUCCESS) + fatal("failure looking for null key " + "at '%s': %s", nametostr(name), + isc_result_totext(result)); if (dns_rdataset_isassociated(&keyset)) dns_rdataset_disassociate(&keyset); @@ -866,7 +889,8 @@ signname(dns_db_t *db, dns_dbversion_t *version, dns_dbnode_t *node, DNS_KEYTYPE_NOKEY, DNS_KEYPROTO_DNSSEC, mctx, &dstkey); - check_result(result, "dst_key_generate"); + if (result != ISC_R_SUCCESS) + fatal("failed to generate null key"); isc_buffer_init(&b, keydata, sizeof keydata); result = dst_key_todns(dstkey, &b); dst_key_free(dstkey); 
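Review bot: The two new messages in hasnullkey (`could not convert KEY into internal format`, `failure looking for null keys`) drop the result code that the rest of this commit now reports, which makes a malformed KEY record in the zone harder to diagnose than before; `fatal("could not convert KEY into internal format: %s", isc_result_totext(result));` and `fatal("failure looking for null keys: %s", isc_result_totext(result));` keep the information. The enclosing hasnullkey begins before this hunk.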
@@ -907,7 +931,8 @@ signname(dns_db_t *db, dns_dbversion_t *version, dns_dbnode_t *node, result = dns_rdatasetiter_next(rdsiter); } if (result != ISC_R_NOMORE) - fatal("rdataset iteration failed"); + fatal("rdataset iteration for name '%s' failed: %s", + nametostr(name), isc_result_totext(result)); dns_rdatasetiter_destroy(&rdsiter); } @@ -934,7 +959,8 @@ active_node(dns_db_t *db, dns_dbversion_t *version, dns_dbnode_t *node) { result = ISC_R_NOMORE; } if (result != ISC_R_NOMORE) - fatal("rdataset iteration failed"); + fatal("rdataset iteration failed: %s", + isc_result_totext(result)); dns_rdatasetiter_destroy(&rdsiter); if (!active) { @@ -1023,12 +1049,14 @@ signzone(dns_db_t *db, dns_dbversion_t *version) { dns_rdataset_init(&soaset); result = dns_db_find(db, origin, version, dns_rdatatype_soa, 0, 0, NULL, name, &soaset, NULL); - check_result(result, "dns_db_find"); + if (result != ISC_R_SUCCESS) + fatal("failed to find '%s SOA' in the zone: %s", + nametostr(name), isc_result_totext(result)); result = dns_rdataset_first(&soaset); - check_result(result, "dns_rdataset_first"); + check_result(result, "dns_rdataset_first()"); dns_rdataset_current(&soaset, &soarr); result = dns_rdata_tostruct(&soarr, &soa, mctx); - check_result(result, "dns_rdataset_tostruct"); + check_result(result, "dns_rdataset_tostruct()"); zonettl = soa.minimum; dns_rdata_freestruct(&soa); dns_rdataset_disassociate(&soaset); @@ -1065,7 +1093,8 @@ signzone(dns_db_t *db, dns_dbversion_t *version) { result = dns_rdatasetiter_next(rdsiter); } if (result != ISC_R_SUCCESS && result != ISC_R_NOMORE) - fatal("rdataset iteration failed"); + fatal("rdataset iteration failed: %s", + isc_result_totext(result)); if (result == ISC_R_SUCCESS) { if (lastcut != NULL) dns_name_free(lastcut, mctx); 
@@ -1073,11 +1102,11 @@ signzone(dns_db_t *db, dns_dbversion_t *version) { lastcut = isc_mem_get(mctx, sizeof(dns_name_t)); if (lastcut == NULL) - fatal("allocation failure"); + fatal("out of memory"); } dns_name_init(lastcut, NULL); result = dns_name_dup(curname, mctx, lastcut); - check_result(result, "dns_name_dup"); + check_result(result, "dns_name_dup()"); } dns_rdatasetiter_destroy(&rdsiter); } @@ -1091,7 +1120,8 @@ signzone(dns_db_t *db, dns_dbversion_t *version) { target = origin; else { target = NULL; /* Make compiler happy. */ - fatal("db iteration failed"); + fatal("iterating through the database failed: %s", + isc_result_totext(result)); } nxtresult = dns_buildnxt(db, version, node, target, zonettl); check_result(nxtresult, "dns_buildnxt()"); @@ -1102,7 +1132,8 @@ signzone(dns_db_t *db, dns_dbversion_t *version) { node = nextnode; } if (result != ISC_R_NOMORE) - fatal("db iteration failed"); + fatal("iterating through the database failed: %s", + isc_result_totext(result)); if (lastcut != NULL) { dns_name_free(lastcut, mctx); isc_mem_put(mctx, lastcut, sizeof(dns_name_t)); @@ -1126,7 +1157,9 @@ loadzone(char *file, char *origin, dns_zone_t **zone) { dns_name_init(&name, NULL); result = dns_name_fromtext(&name, &b, dns_rootname, ISC_FALSE, &b2); - check_result(result, "dns_name_fromtext()"); + if (result != ISC_R_SUCCESS) + fatal("failed converting name '%s' to dns format: %s", + origin, isc_result_totext(result)); result = dns_zone_create(zone, mctx); check_result(result, "dns_zone_create()"); @@ -1145,7 +1178,9 @@ loadzone(char *file, char *origin, dns_zone_t **zone) { dns_zone_setclass(*zone, dns_rdataclass_in); /* XXX */ result = dns_zone_load(*zone); - check_result(result, "dns_zone_load()"); + if (result != ISC_R_SUCCESS) + fatal("failed loading zone from '%s': %s", + file, isc_result_totext(result)); } static void 
@@ -1176,20 +1211,24 @@ loadzonekeys(dns_db_t *db, dns_dbversion_t *version) { node = NULL; result = dns_db_findnode(db, origin, ISC_FALSE, &node); - check_result(result, "dns_db_findnode()"); + if (result != ISC_R_SUCCESS) + fatal("failed to find the zone's origin: %s", + isc_result_totext(result)); result = dns_dnssec_findzonekeys(db, version, node, origin, mctx, 20, keys, &nkeys); if (result == ISC_R_NOTFOUND) result = ISC_R_SUCCESS; - check_result(result, "dns_dnssec_findzonekeys()"); + if (result != ISC_R_SUCCESS) + fatal("failed to find the zone keys: %s", + isc_result_totext(result)); for (i = 0; i < nkeys; i++) { signer_key_t *key; key = isc_mem_get(mctx, sizeof(signer_key_t)); if (key == NULL) - check_result(ISC_R_FAILURE, "isc_mem_get(key)"); + fatal("out of memory"); key->key = keys[i]; key->isdefault = ISC_FALSE; @@ -1209,7 +1248,9 @@ dumpzone(dns_zone_t *zone, char *filename) { exit(-1); } result = dns_zone_dumptostream(zone, fp); - check_result(result, "dns_zone_dump"); + if (result != ISC_R_SUCCESS) + fatal("failed to write new database to '%s': %s", + filename, isc_result_totext(result)); fclose(fp); } @@ -1229,10 +1270,11 @@ strtotime(char *str, isc_int64_t now, isc_int64_t base) { } else { result = dns_time64_fromtext(str, &val); - check_result(result, "dns_time64_fromtext()"); + if (result != ISC_R_SUCCESS) + fatal("time %s must be numeric", str); } if (*endp != '\0') - check_result(ISC_R_FAILURE, "strtol()"); + fatal("time value %s is invalid", str); return ((isc_stdtime_t) val); } @@ -1324,7 +1366,8 @@ main(int argc, char *argv[]) { dns_result_register(); result = isc_mem_create(0, 0, &mctx); - check_result(result, "isc_mem_create()"); + if (result != ISC_R_SUCCESS) + fatal("out of memory"); while ((ch = isc_commandline_parse(argc, argv, "s:e:c:v:o:f:ah")) != -1) { 
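Review bot: dumpzone (@@ -1209) now checks dns_zone_dumptostream but still ignores the return of `fclose(fp);`, which is where a short write of the signed zone file (full disk, I/O error) surfaces, so a truncated output can be reported as success and later served as the signed zone. `if (fclose(fp) != 0) fatal("failed to close '%s': %s", filename, strerror(errno));` closes that gap (it needs <errno.h> and <string.h> if they are not already included). The enclosing dumpzone begins before this hunk.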
@@ -1333,46 +1376,42 @@ main(int argc, char *argv[]) { startstr = isc_mem_strdup(mctx, isc_commandline_argument); if (startstr == NULL) - check_result(ISC_R_FAILURE, - "isc_mem_strdup()"); + fatal("out of memory"); break; case 'e': endstr = isc_mem_strdup(mctx, isc_commandline_argument); if (endstr == NULL) - check_result(ISC_R_FAILURE, - "isc_mem_strdup()"); + fatal("out of memory"); break; case 'c': endp = NULL; cycle = strtol(isc_commandline_argument, &endp, 0); if (*endp != '\0') - check_result(ISC_R_FAILURE, "strtol()"); + fatal("cycle period must be numeric"); break; case 'v': endp = NULL; verbose = strtol(isc_commandline_argument, &endp, 0); if (*endp != '\0') - check_result(ISC_R_FAILURE, "strtol()"); + fatal("verbose level must be numeric"); break; case 'o': origin = isc_mem_strdup(mctx, isc_commandline_argument); if (origin == NULL) - check_result(ISC_R_FAILURE, - "isc_mem_strdup()"); + fatal("out of memory"); break; case 'f': output = isc_mem_strdup(mctx, isc_commandline_argument); if (output == NULL) - check_result(ISC_R_FAILURE, - "isc_mem_strdup()"); + fatal("out of memory"); break; case 'a': @@ -1431,7 +1470,7 @@ main(int argc, char *argv[]) { file = isc_mem_strdup(mctx, argv[0]); if (file == NULL) - check_result(ISC_R_FAILURE, "isc_mem_strdup()"); + fatal("out of memory"); argc -= 1; argv += 1; @@ -1440,14 +1479,14 @@ main(int argc, char *argv[]) { output = isc_mem_allocate(mctx, strlen(file) + strlen(".signed") + 1); if (output == NULL) - check_result(ISC_R_FAILURE, "isc_mem_allocate()"); + fatal("out of memory"); sprintf(output, "%s.signed", file); } if (origin == NULL) { origin = isc_mem_allocate(mctx, strlen(file) + 2); if (origin == NULL) - check_result(ISC_R_FAILURE, "isc_mem_allocate()"); + fatal("out of memory"); strcpy(origin, file); if (file[strlen(file) - 1] != '.') strcat(origin, "."); 
@@ -1496,9 +1535,12 @@ main(int argc, char *argv[]) { { key->isdefault = ISC_TRUE; if (!dst_key_isprivate(dkey)) - check_result - (DST_R_NOTPRIVATEKEY, - "key specify"); + fatal("cannot sign zone with " + "non-private key " + "'%s/%s/%d'", + dst_key_name(dkey), + algtostr(dst_key_alg(dkey)), + dst_key_id(dkey)); break; } key = ISC_LIST_NEXT(key, link); @@ -1508,11 +1550,14 @@ main(int argc, char *argv[]) { result = dst_key_fromfile(namestr, id, alg, DST_TYPE_PRIVATE, mctx, &dkey); - check_result (result, "dst_key_fromfile"); + if (result != ISC_R_SUCCESS) + fatal("failed to load key '%s/%s/%d' " + "from disk: %s", namestr, + algtostr(alg), id, + isc_result_totext(result)); key = isc_mem_get(mctx, sizeof(signer_key_t)); if (key == NULL) - check_result(ISC_R_FAILURE, - "isc_mem_get"); + fatal("out of memory"); key->key = dkey; key->isdefault = ISC_TRUE; ISC_LIST_APPEND(keylist, key, link); diff --git a/bin/tests/keygen.c b/bin/tests/keygen.c index 1188a2308c..a52ed25ac4 100644 --- a/bin/tests/keygen.c +++ b/bin/tests/keygen.c @@ -15,7 +15,7 @@ * WITH THE USE OR PERFORMANCE OF THE SOFTWARE. */ -/* $Id: keygen.c,v 1.18 2000/05/15 21:06:41 bwelling Exp $ */ +/* $Id: keygen.c,v 1.19 2000/05/16 18:40:57 bwelling Exp $ */ #include 
@@ -33,12 +33,81 @@ #include #include -static isc_boolean_t dsa_size_ok(int size); -static void die(char *str); -static void usage(char *prog); +#define PROGRAM "keygen" + +#define MAX_RSA 2048 /* XXX ogud update this when rsa library is updated */ static int verbose; -#define MAX_RSA 2048 /* XXX ogud update this when rsa library is updated */ + +static inline void +fatal(char *format, ...) { + va_list args; + + fprintf(stderr, "%s: ", PROGRAM); + va_start(args, format); + vfprintf(stderr, format, args); + va_end(args); + fprintf(stderr, "\n"); + exit(1); +} + +static inline void +check_result(isc_result_t result, char *message) { + if (result != ISC_R_SUCCESS) { + fprintf(stderr, "%s: %s: %s\n", PROGRAM, message, + isc_result_totext(result)); + exit(1); + } +} + +/* Not thread-safe! */ +static char * +algtostr(const dns_secalg_t alg) { + isc_buffer_t b; + isc_region_t r; + isc_result_t result; + static char data[10]; + + isc_buffer_init(&b, data, sizeof(data)); + result = dns_secalg_totext(alg, &b); + check_result(result, "dns_secalg_totext()"); + isc_buffer_usedregion(&b, &r); + r.base[r.length] = 0; + return (char *) r.base; +} + +static isc_boolean_t +dsa_size_ok(int size) { + return (ISC_TF(size >= 512 && size <= 1024 && size % 64 == 0)); +} + +static void +usage(char *prog) { + printf("Usage:\n"); + printf(" %s [options] name\n\n", prog); + printf("Required options:\n"); + printf(" -a algorithm: RSA | RSAMD5 | DH | DSA | HMAC-MD5\n"); + printf(" -b key size, in bits:\n"); + printf(" RSA:\t\t[512..%d]\n", MAX_RSA); + printf(" DH:\t\t[128..4096]\n"); + printf(" DSA:\t\t[512..1024] and dividable by 64\n"); + printf(" HMAC-MD5:\t[1..512]\n"); + printf(" -n nametype: ZONE | HOST | ENTITY | USER\n"); + printf(" name: owner of the key\n"); + printf("Other options:\n"); + printf(" -e use large exponent (RSA only)\n"); + printf(" -g use specified generator (DH only)\n"); + printf(" -t type: AUTHCONF | NOAUTHCONF | NOAUTH | NOCONF\n"); + printf(" default: AUTHCONF\n"); 
+ printf(" -p protocol value\n"); + printf(" default: 2 (email) for User keys, " + "3 (dnssec) for all others\n"); + printf(" -s strength value this key signs DNS records with\n"); + printf(" default: 0\n"); + printf(" -v verbose level\n"); + + exit (-1); +} int main(int argc, char **argv) { @@ -64,7 +133,7 @@ main(int argc, char **argv) { else prog = isc_mem_strdup(mctx, ++prog); if (prog == NULL) - die("strdup failure"); + fatal("out of memory"); if (argc == 1) usage(prog); @@ -77,12 +146,12 @@ main(int argc, char **argv) { algname = isc_mem_strdup(mctx, isc_commandline_argument); if (algname == NULL) - die("strdup failure"); + fatal("out of memory"); break; case 'b': size = strtol(isc_commandline_argument, &endp, 10); if (*endp != '\0' || size < 0) - die("-b requires a non-negative number"); + fatal("-b requires a non-negative number"); break; case 'e': rsa_exp = 1; 
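Review bot: `fatal(char *format, ...)` is a printf-style wrapper with no format attribute, so the compiler cannot check its arguments; that matters because this same commit passes arguments to it in the wrong order elsewhere (keysettool.c's `"failed to read key %s/%s/%d"` call with `namestr, id, algtostr(alg)`). If the isc headers provide a printf-format attribute macro for the supported compilers, declaring `static void fatal(char *format, ...) ISC_FORMAT_PRINTF(1, 2);` would have caught those calls at build time — confirm the macro exists before relying on it. Separately, the new algtostr() initialises its buffer with the full `sizeof(data)` and then writes `r.base[r.length] = 0`; a text that fills the buffer exactly puts the terminator one byte past `data`, so `isc_buffer_init(&b, data, sizeof(data) - 1)` is the safer form.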
@@ -90,36 +159,37 @@ main(int argc, char **argv) { case 'g': generator = strtol(isc_commandline_argument, &endp, 10); if (*endp != '\0' || generator <= 0) - die("-g requires a positive number"); + fatal("-g requires a positive number"); break; case 'n': nametype = isc_mem_strdup(mctx, isc_commandline_argument); if (nametype == NULL) - die("strdup failure"); + fatal("out of memory"); break; case 't': type = isc_mem_strdup(mctx, isc_commandline_argument); if (type == NULL) - die("strdup failure"); + fatal("out of memory"); break; case 'p': protocol = strtol(isc_commandline_argument, &endp, 10); if (*endp != '\0' || protocol < 0 || protocol > 255) - die("-p must be followed by " - "a number [0..255]"); + fatal("-p must be followed by a number " + "[0..255]"); break; case 's': signatory = strtol(isc_commandline_argument, &endp, 10); if (*endp != '\0' || signatory < 0 || signatory > 15) - die("-s must be followed by a number [0..15]"); + fatal("-s must be followed by a number " + "[0..15]"); break; case 'v': endp = NULL; verbose = strtol(isc_commandline_argument, &endp, 0); if (*endp != '\0') - die("-v must be followed by a number"); + fatal("-v must be followed by a number"); break; case 'h': @@ -131,12 +201,12 @@ main(int argc, char **argv) { } if (argc < isc_commandline_index + 1) - die("Must specify a domain name"); + fatal("the key name was not specified"); if (argc > isc_commandline_index + 1) - die("Extraneous arguments"); + fatal("extraneous arguments"); if (algname == NULL) - die("No algorithm specified"); + fatal("no algorithm was specified"); if (strcasecmp(algname, "RSA") == 0) alg = DNS_KEYALG_RSA; else if (strcasecmp(algname, "HMAC-MD5") == 0) 
@@ -146,10 +216,10 @@ main(int argc, char **argv) { r.length = strlen(algname); ret = dns_secalg_fromtext(&alg, &r); if (ret != ISC_R_SUCCESS) - die("Unknown algorithm"); + fatal("unknown algorithm %s", algname); } if (dst_supported_algorithm(alg) == ISC_FALSE) - die("Unsupported algorithm"); + fatal("unsupported algorithm %s", algname); if (type != NULL) { if (strcasecmp(type, "NOAUTH") == 0) @@ -164,39 +234,39 @@ main(int argc, char **argv) { else if (strcasecmp(type, "AUTHCONF") == 0) /* nothing */; else - die("Invalid type"); + fatal("invalid type %s", type); } if (size < 0) - die("Must specify key size (-b option)"); + fatal("key size not specified (-b option)"); switch (alg) { case DNS_KEYALG_RSA: if (size != 0 && (size < 512 || size > MAX_RSA)) - die("RSA key size out of range"); + fatal("RSA key size %d out of range", size); break; case DNS_KEYALG_DH: if (size != 0 && (size < 128 || size > 4096)) - die("DH key size out of range"); + fatal("DH key size %d out of range", size); break; case DNS_KEYALG_DSA: if (size != 0 && !dsa_size_ok(size)) - die("Invalid DSS key size"); + fatal("Invalid DSS key size: %d", size); break; case DST_ALG_HMACMD5: if (size < 1 || size > 512) - die("Invalid HMAC-MD5 key size"); + fatal("HMAC-MD5 key size %d out of range", size); break; } if (alg != DNS_KEYALG_RSA && rsa_exp != 0) - die("Cannot specify RSA exponent without RSA"); + fatal("specified RSA exponent without RSA"); if (alg != DNS_KEYALG_DH && generator != 0) - die("Cannot specify DH generator without DH"); + fatal("specified DH generator without DH"); if (nametype == NULL) - die("No nametype specified"); + fatal("no nametype specified"); if (strcasecmp(nametype, "zone") == 0) flags |= DNS_KEYOWNER_ZONE; else if (strcasecmp(nametype, "host") == 0 || @@ -205,7 +275,7 @@ main(int argc, char **argv) { else if (strcasecmp(nametype, "user") == 0) flags |= DNS_KEYOWNER_USER; else - die("Invalid nametype"); + fatal("invalid nametype %s", nametype); flags |= signatory; 
@@ -218,14 +288,14 @@ main(int argc, char **argv) { if ((flags & DNS_KEYFLAG_TYPEMASK) == DNS_KEYTYPE_NOKEY) { if (size > 0) - die("Specified null key with non-zero size"); + fatal("Specified null key with non-zero size"); if ((flags & DNS_KEYFLAG_SIGNATORYMASK) != 0) - die("Specified null key with signing authority"); + fatal("Specified null key with signing authority"); } name = isc_mem_allocate(mctx, strlen(argv[isc_commandline_index]) + 2); if (name == NULL) - die("strdup failure"); + fatal("out of memory"); strcpy(name, argv[isc_commandline_index]); if (name[strlen(name) - 1] != '.') { strcat(name, "."); @@ -262,7 +332,7 @@ main(int argc, char **argv) { mctx, &key); if (ret != ISC_R_SUCCESS) { - fprintf(stderr, "keygen: failed to generate key: %s\n", + fatal("failed to generate key %s/%d: %s\n", name, alg, dst_result_totext(ret)); exit(-1); } @@ -288,15 +358,13 @@ main(int argc, char **argv) { } while (conflict == ISC_TRUE); if (conflict) - die("Attempting to generate a null key when a key with id 0 " - "already exists\n"); + fatal("cannot generate a null key when a key with id 0 " + "already exists"); ret = dst_key_tofile(key, DST_TYPE_PUBLIC | DST_TYPE_PRIVATE); - if (ret != ISC_R_SUCCESS) { - fprintf(stderr, "keygen: failed to write key %s(%d)\n", name, - dst_key_id(key)); - exit(-1); - } + if (ret != ISC_R_SUCCESS) + fatal("failed to write key %s/%s/%d: %s\n", name, + dst_key_id(key), algtostr(alg), isc_result_totext(ret)); isc_buffer_clear(&buf); ret = dst_key_buildfilename(key, 0, &buf); 
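Review bot: The `exit(-1);` that follows the new `fatal(...)` in the key-generation failure path is now unreachable, since fatal() itself calls `exit(1)`; it should go together with the enclosing braces. The format string also ends in `\n` while fatal() appends its own newline, so this error prints a blank line; `fatal("failed to generate key %s/%d: %s", name, alg, dst_result_totext(ret));` fixes both. main() continues past this hunk.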
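Review bot: The new `fatal("failed to write key %s/%s/%d: %s\n", name, dst_key_id(key), algtostr(alg), isc_result_totext(ret))` passes its arguments in the wrong order for the format: the integer from `dst_key_id(key)` is consumed by the second `%s` and the string from `algtostr()` by `%d`, which is undefined behaviour and will usually crash in precisely the error path it is meant to report. The arguments should follow the name/algorithm/id layout of the format, `fatal("failed to write key %s/%s/%d: %s", name, algtostr(alg), dst_key_id(key), isc_result_totext(ret));`, which also drops the trailing `\n` that fatal() already supplies. main() continues past this hunk.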
@@ -313,42 +381,3 @@ main(int argc, char **argv) { return (0); } - -static isc_boolean_t -dsa_size_ok(int size) { - return (ISC_TF(size >= 512 && size <= 1024 && size % 64 == 0)); -} - -static void -die(char *str) { - fprintf(stderr, "keygen: %s\n", str); - exit(-1); -} - -static void -usage(char *prog) { - printf("Usage:\n"); - printf(" %s [options] name\n\n", prog); - printf("Required options:\n"); - printf(" -a algorithm: RSA | RSAMD5 | DH | DSA | HMAC-MD5\n"); - printf(" -b key size, in bits:\n"); - printf(" RSA:\t\t[512..%d]\n", MAX_RSA); - printf(" DH:\t\t[128..4096]\n"); - printf(" DSA:\t\t[512..1024] and dividable by 64\n"); - printf(" HMAC-MD5:\t[1..512]\n"); - printf(" -n nametype: ZONE | HOST | ENTITY | USER\n"); - printf(" name: owner of the key\n"); - printf("Other options:\n"); - printf(" -e use large exponent (RSA only)\n"); - printf(" -g use specified generator (DH only)\n"); - printf(" -t type: AUTHCONF | NOAUTHCONF | NOAUTH | NOCONF\n"); - printf(" default: AUTHCONF\n"); - printf(" -p protocol value\n"); - printf(" default: 2 (email) for User keys, " - "3 (dnssec) for all others\n"); - printf(" -s strength value this key signs DNS records with\n"); - printf(" default: 0\n"); - printf(" -v verbose level\n"); - - exit (-1); -} diff --git a/bin/tests/keysettool.c b/bin/tests/keysettool.c index 489f004123..0fc1133a09 100644 --- a/bin/tests/keysettool.c +++ b/bin/tests/keysettool.c @@ -32,6 +32,7 @@ #include #include #include +#include #include #define PROGRAM "keysettool" 
@@ -78,10 +79,28 @@ static char * nametostr(dns_name_t *name) { isc_buffer_t b; isc_region_t r; + isc_result_t result; static char data[1025]; isc_buffer_init(&b, data, sizeof(data)); - dns_name_totext(name, ISC_FALSE, &b); + result = dns_name_totext(name, ISC_FALSE, &b); + check_result(result, "dns_name_totext()"); + isc_buffer_usedregion(&b, &r); + r.base[r.length] = 0; + return (char *) r.base; +} + +/* Not thread-safe! */ +static char * +algtostr(const dns_secalg_t alg) { + isc_buffer_t b; + isc_region_t r; + isc_result_t result; + static char data[10]; + + isc_buffer_init(&b, data, sizeof(data)); + result = dns_secalg_totext(alg, &b); + check_result(result, "dns_secalg_totext()"); isc_buffer_usedregion(&b, &r); r.base[r.length] = 0; return (char *) r.base; @@ -104,7 +123,8 @@ strtotime(char *str, isc_int64_t now, isc_int64_t base) { } else { result = dns_time64_fromtext(str, &val); - fatal("time %s must be numeric", str); + if (result != ISC_R_SUCCESS) + fatal("time %s must be numeric", str); } if (*endp != '\0') fatal("time value %s is invalid", str); @@ -304,8 +324,8 @@ main(int argc, char *argv[]) { &zonekey); if (result != ISC_R_SUCCESS) - fatal("failed to read key %s/%d/%d: %s", - namestr, id, alg, + fatal("failed to read key %s/%s/%d: %s", + namestr, id, algtostr(alg), isc_result_totext(result)); keynode = isc_mem_get(mctx, sizeof (keynode_t)); if (keynode == NULL) @@ -323,8 +343,9 @@ main(int argc, char *argv[]) { isc_buffer_init(&b, data, BUFSIZE); result = dst_key_todns(key, &b); if (result != ISC_R_SUCCESS) - fatal("failed to convert key %s/%d/%d to a DNS KEY: %s", - namestr, id, alg, isc_result_totext(result)); + fatal("failed to convert key %s/%s/%d to a DNS KEY: %s", + namestr, id, algtostr(alg), + isc_result_totext(result)); isc_buffer_usedregion(&b, &r); dns_rdata_fromregion(rdata, dns_rdataclass_in, dns_rdatatype_key, &r); 
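Review bot: Both nametostr() and the new algtostr() hand the whole array to `isc_buffer_init(&b, data, sizeof(data))` and then store a terminator at `r.base[r.length]`; if the conversion fills the buffer exactly, the terminator lands at `data[sizeof(data)]`, one byte past the static array. Initialising with `isc_buffer_init(&b, data, sizeof(data) - 1)` reserves the terminator byte in both helpers. The "Not thread-safe!" note already covers the static buffers; this is a separate bounds issue.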
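Review bot: The rewritten `fatal("failed to read key %s/%s/%d: %s", namestr, id, algtostr(alg), isc_result_totext(result))` changed the format to `%s/%s/%d` but kept the old argument order, so the integer `id` is printed through `%s` and the `algtostr()` string through `%d` — undefined behaviour that will typically crash instead of reporting the missing key. The arguments need to be `namestr, algtostr(alg), id, isc_result_totext(result)`, matching the name/algorithm/id order used in the `failed to sign keyset` message later in this file. main() continues outside the hunk.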
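Review bot: Same mismatch as in the key-loading message: `fatal("failed to convert key %s/%s/%d to a DNS KEY: %s", namestr, id, algtostr(alg), ...)` feeds `id` to `%s` and `algtostr(alg)` to `%d`. Swap them to `namestr, algtostr(alg), id, isc_result_totext(result)` so the conversion failure is reported rather than turned into a crash. main() continues outside the hunk.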
@@ -364,10 +385,10 @@ main(int argc, char *argv[]) { &starttime, &endtime, mctx, &b, rdata); if (result != ISC_R_SUCCESS) - fatal("failed to sign keyset with key %s/%d/%d: %s", + fatal("failed to sign keyset with key %s/%s/%d: %s", dst_key_name(keynode->key), + algtostr(dst_key_alg(keynode->key)), dst_key_id(keynode->key), - dst_key_alg(keynode->key), isc_result_totext(result)); ISC_LIST_APPEND(sigrdatalist.rdata, rdata, link); dns_rdataset_init(&sigrdataset); diff --git a/bin/tests/keysigner.c b/bin/tests/keysigner.c index 08fafc60b6..1db76670ea 100644 --- a/bin/tests/keysigner.c +++ b/bin/tests/keysigner.c @@ -32,6 +32,7 @@ #include #include #include +#include #define PROGRAM "keysigner" @@ -52,8 +53,14 @@ static isc_mem_t *mctx = NULL; static keylist_t keylist; static inline void -fatal(char *message) { - fprintf(stderr, "%s: %s\n", PROGRAM, message); +fatal(char *format, ...) { + va_list args; + + fprintf(stderr, "%s: ", PROGRAM); + va_start(args, format); + vfprintf(stderr, format, args); + va_end(args); + fprintf(stderr, "\n"); exit(1); } @@ -66,6 +73,39 @@ check_result(isc_result_t result, char *message) { } } +/* Not thread-safe! */ +static char * +nametostr(dns_name_t *name) { + isc_buffer_t b; + isc_region_t r; + isc_result_t result; + static char data[1025]; + + isc_buffer_init(&b, data, sizeof(data)); + result = dns_name_totext(name, ISC_FALSE, &b); + check_result(result, "dns_name_totext()"); + isc_buffer_usedregion(&b, &r); + r.base[r.length] = 0; + return (char *) r.base; +} + +/* Not thread-safe! */ +static char * +algtostr(const dns_secalg_t alg) { + isc_buffer_t b; + isc_region_t r; + isc_result_t result; + static char data[10]; + + isc_buffer_init(&b, data, sizeof(data)); + result = dns_secalg_totext(alg, &b); + check_result(result, "dns_secalg_totext()"); + isc_buffer_usedregion(&b, &r); + r.base[r.length] = 0; + return (char *) r.base; +} + + static void usage() { fprintf(stderr, "Usage:\n"); 
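Review bot: The new nametostr() and algtostr() initialise their buffer with the full `sizeof(data)` and then write `r.base[r.length] = 0`, so a conversion that fills the buffer exactly stores the terminator one byte past the static array. main() in this file already uses the `sizeof(tdomain) - 1` idiom for the same totext-then-terminate pattern; `isc_buffer_init(&b, data, sizeof(data) - 1)` here would match it and keep the write in bounds. Both helpers are correctly flagged as not thread-safe, which is acceptable for a single-threaded tool.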
@@ -106,15 +146,14 @@ loadkeys(dns_name_t *name, dns_rdataset_t *rdataset) { continue; keynode = isc_mem_get(mctx, sizeof (keynode_t)); if (keynode == NULL) - check_result(ISC_R_NOMEMORY, "isc_mem_get()"); + fatal("out of memory"); keynode->key = key; keynode->verified = ISC_FALSE; ISC_LINK_INIT(keynode, link); ISC_LIST_APPEND(keylist, keynode, link); } - if (result == ISC_R_NOMORE) - result = ISC_R_SUCCESS; - check_result(result, "loadkeys()"); + if (result != ISC_R_NOMORE) + fatal("failure traversing key list"); } static dst_key_t * @@ -170,7 +209,7 @@ main(int argc, char *argv[]) { endp = NULL; verbose = strtol(isc_commandline_argument, &endp, 0); if (*endp != '\0') - check_result(ISC_R_FAILURE, "strtol()"); + fatal("verbose level must be numeric"); break; default: @@ -206,7 +245,8 @@ main(int argc, char *argv[]) { isc_buffer_init(&b, argv[0], strlen(argv[0]) - 7); isc_buffer_add(&b, strlen(argv[0]) - 7); result = dns_name_fromtext(domain, &b, dns_rootname, ISC_FALSE, NULL); - check_result(result, "dns_name_fromtext()"); + if (result != ISC_R_SUCCESS) + fatal("'%s' does not contain a valid domain name", argv[0]); isc_buffer_init(&b, tdomain, sizeof(tdomain) - 1); result = dns_name_totext(domain, ISC_FALSE, &b); check_result(result, "dns_name_totext()"); @@ -216,7 +256,7 @@ main(int argc, char *argv[]) { output = isc_mem_allocate(mctx, strlen(tdomain) + strlen("signedkey") + 1); if (output == NULL) - check_result(ISC_R_FAILURE, "isc_mem_allocate()"); + fatal("out of memory"); strcpy(output, tdomain); strcat(output, "signedkey"); 
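Review bot: The replacement `if (result != ISC_R_NOMORE) fatal("failure traversing key list");` drops the result code that the old check_result() call reported, which is the one detail needed to tell a malformed rdataset from an allocation failure; the other fatal() calls in this commit append `isc_result_totext(result)`. `fatal("failure traversing key list: %s", isc_result_totext(result));` keeps the diagnostics consistent. loadkeys() starts outside the hunk.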
@@ -226,33 +266,45 @@ main(int argc, char *argv[]) { check_result(result, "dns_db_create()"); result = dns_db_load(db, argv[0]); - check_result(result, "dns_db_load()"); + if (result != ISC_R_SUCCESS) + fatal("failed to load database from '%s': %s", argv[0], + isc_result_totext(result)); version = NULL; dns_db_newversion(db, &version); node = NULL; result = dns_db_findnode(db, domain, ISC_FALSE, &node); - check_result(result, "dns_db_findnode()"); + if (result != ISC_R_SUCCESS) + fatal("failed to find database node '%s': %s", + nametostr(domain), isc_result_totext(result)); dns_rdataset_init(&rdataset); dns_rdataset_init(&sigrdataset); result = dns_db_findrdataset(db, node, version, dns_rdatatype_key, 0, 0, &rdataset, &sigrdataset); - check_result(result, "dns_db_findrdataset()"); + if (result != ISC_R_SUCCESS) + fatal("failed to find rdataset '%s KEY': %s", + nametostr(domain), isc_result_totext(result)); loadkeys(domain, &rdataset); + if (!dns_rdataset_isassociated(&sigrdataset)) + fatal("no SIG KEY set present"); + result = dns_rdataset_first(&sigrdataset); check_result(result, "dns_rdataset_first()"); do { dns_rdataset_current(&sigrdataset, &sigrdata); result = dns_rdata_tostruct(&sigrdata, &sig, mctx); - check_result(result, "dns_rdata_tostruct"); + check_result(result, "dns_rdata_tostruct()"); key = findkey(&sig); result = dns_dnssec_verify(domain, &rdataset, key, ISC_TRUE, mctx, &sigrdata); - check_result(result, "dns_dnssec_verify"); + if (result != ISC_R_SUCCESS) + fatal("signature by key '%s/%s/%d' did not verify: %s", + dst_key_name(key), algtostr(dst_key_alg(key)), + dst_key_id(key), isc_result_totext(result)); dns_rdata_freestruct(&sig); result = dns_rdataset_next(&sigrdataset); } while (result == ISC_R_SUCCESS); 
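Review bot: The new verification failure message dereferences `key` through `dst_key_name(key)`, `dst_key_alg(key)` and `dst_key_id(key)`, but `key` comes from `findkey(&sig)`, whose body is outside this hunk; if it returns NULL for a SIG whose key id or algorithm is absent from the KEY set, both `dns_dnssec_verify()` and the error report would operate on a null key. A guard before the verify call, `if (key == NULL) fatal("no key found for signature with id %d and algorithm %s", sig.keyid, algtostr(sig.algorithm));`, makes that case an explicit error — confirm against findkey()'s contract. The added `no SIG KEY set present` check is a good addition for the same reason.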
@@ -295,20 +347,26 @@ main(int argc, char *argv[]) { key = NULL; result = dst_key_fromfile(namestr, id, alg, DST_TYPE_PRIVATE, mctx, &key); - check_result (result, "dst_key_fromfile()"); + if (result != ISC_R_SUCCESS) + fatal("failed to read key %s/%s/%d from disk: %s", + dst_key_name(key), algtostr(dst_key_alg(key)), + dst_key_id(key), isc_result_totext(result)); isc_mem_put(mctx, namestr, strlen(namestr) + 1); rdata = isc_mem_get(mctx, sizeof(dns_rdata_t)); if (rdata == NULL) - check_result(ISC_R_NOMEMORY, "isc_mem_get()"); + fatal("out of memory"); data = isc_mem_get(mctx, BUFSIZE); if (data == NULL) - check_result(ISC_R_NOMEMORY, "isc_mem_get()"); + fatal("out of memory"); isc_buffer_init(&b, data, BUFSIZE); result = dns_dnssec_sign(domain, &rdataset, key, &sig.timesigned, &sig.timeexpire, mctx, &b, rdata); - check_result (result, "dns_dnssec_sign()"); + if (result != ISC_R_SUCCESS) + fatal("key '%s/%s/%d' failed to sign data: %s", + dst_key_name(key), algtostr(dst_key_alg(key)), + dst_key_id(key), isc_result_totext(result)); ISC_LIST_APPEND(sigrdatalist.rdata, rdata, link); dst_key_free(key); } @@ -323,7 +381,9 @@ main(int argc, char *argv[]) { dns_db_detachnode(db, &node); dns_db_closeversion(db, &version, ISC_TRUE); result = dns_db_dump(db, version, output); - check_result(result, "dns_db_dump()"); + if (result != ISC_R_SUCCESS) + fatal("failed to write database to '%s': %s", + output, isc_result_totext(result)); dns_rdataset_disassociate(&rdataset); dns_rdataset_disassociate(&newsigrdataset); diff --git a/bin/tests/signer.c b/bin/tests/signer.c index 190c1d3d94..9f3f600341 100644 --- a/bin/tests/signer.c +++ b/bin/tests/signer.c 
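Review bot: The new error report for a failed `dst_key_fromfile()` is built from `dst_key_name(key)`, `dst_key_alg(key)` and `dst_key_id(key)`, but `key` is set to NULL two lines earlier and is not expected to be populated when the load fails, so this path dereferences a null pointer instead of printing the diagnostic. The inputs are already in hand; use them as signer.c does: `fatal("failed to read key %s/%s/%d from disk: %s", namestr, algtostr(alg), id, isc_result_totext(result));`. `namestr` is freed on the following line, so the fatal() must stay ahead of the `isc_mem_put()`, which it does. main() continues outside the hunk.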
@@ -72,8 +72,14 @@ static isc_boolean_t tryverify = ISC_FALSE; static isc_mem_t *mctx = NULL; static inline void -fatal(char *message) { - fprintf(stderr, "%s: %s\n", PROGRAM, message); +fatal(char *format, ...) { + va_list args; + + fprintf(stderr, "%s: ", PROGRAM); + va_start(args, format); + vfprintf(stderr, format, args); + va_end(args); + fprintf(stderr, "\n"); exit(1); } @@ -102,10 +108,12 @@ static char * nametostr(dns_name_t *name) { isc_buffer_t b; isc_region_t r; + isc_result_t result; static char data[1025]; isc_buffer_init(&b, data, sizeof(data)); - dns_name_totext(name, ISC_FALSE, &b); + result = dns_name_totext(name, ISC_FALSE, &b); + check_result(result, "dns_name_totext()"); isc_buffer_usedregion(&b, &r); r.base[r.length] = 0; return (char *) r.base; @@ -116,10 +124,12 @@ static char * typetostr(const dns_rdatatype_t type) { isc_buffer_t b; isc_region_t r; + isc_result_t result; static char data[10]; isc_buffer_init(&b, data, sizeof(data)); - dns_rdatatype_totext(type, &b); + result = dns_rdatatype_totext(type, &b); + check_result(result, "dns_rdatatype_totext()"); isc_buffer_usedregion(&b, &r); r.base[r.length] = 0; return (char *) r.base; @@ -130,10 +140,12 @@ static char * algtostr(const dns_secalg_t alg) { isc_buffer_t b; isc_region_t r; + isc_result_t result; static char data[10]; isc_buffer_init(&b, data, sizeof(data)); - dns_secalg_totext(alg, &b); + result = dns_secalg_totext(alg, &b); + check_result(result, "dns_secalg_totext()"); isc_buffer_usedregion(&b, &r); r.base[r.length] = 0; return (char *) r.base; 
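Review bot: nametostr() now checks the `dns_name_totext()` result, but still initialises the buffer with `sizeof(data)` and then stores the terminator at `r.base[r.length]`; a 1025-byte text fills the buffer exactly and the terminator is written to `data[1025]`, past the end of the static array. Reserving the last byte with `isc_buffer_init(&b, data, sizeof(data) - 1)` keeps the write in bounds, and the same change applies to typetostr() and algtostr() below. The non-reentrancy of these helpers is already documented; this is a separate bounds issue.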
@@ -162,7 +174,10 @@ signwithkey(dns_name_t *name, dns_rdataset_t *rdataset, dns_rdata_t *rdata, dns_rdata_init(rdata); result = dns_dnssec_sign(name, rdataset, key, &starttime, &endtime, mctx, b, rdata); - check_result(result, "dns_dnssec_sign()"); + if (result != ISC_R_SUCCESS) + fatal("key '%s/%s/%d' failed to sign data: %s", + dst_key_name(key), algtostr(dst_key_alg(key)), + dst_key_id(key), isc_result_totext(result)); if (tryverify) { result = dns_dnssec_verify(name, rdataset, key, @@ -223,7 +238,7 @@ keythatsigned(dns_rdata_sig_t *sig) { key = isc_mem_get(mctx, sizeof(signer_key_t)); if (key == NULL) - check_result(ISC_R_FAILURE, "isc_mem_get"); + fatal("out of memory"); result = dst_key_fromfile(keyname, sig->keyid, sig->algorithm, DST_TYPE_PRIVATE, mctx, &privkey); @@ -262,7 +277,8 @@ expecttofindkey(dns_name_t *name, dns_db_t *db, dns_dbversion_t *version) { case DNS_R_DNAME: return ISC_FALSE; default: - check_result(result, "dns_db_find"); + fatal("failure looking for '%s KEY' in database: %s", + nametostr(name), isc_result_totext(result)); return ISC_FALSE; /* removes a warning */ } } @@ -282,7 +298,7 @@ setverifies(dns_name_t *name, dns_rdataset_t *set, signer_key_t *key, tdata = isc_mem_get(mctx, sizeof(signer_array_t)); \ ISC_LIST_APPEND(arraylist, tdata, link); \ if (trdata == NULL || tdata == NULL) \ - check_result(ISC_R_FAILURE, "isc_mem_get"); \ + fatal("out of memory"); \ isc_buffer_init(&b, tdata->array, sizeof(tdata->array)); /* @@ -320,7 +336,10 @@ signset(dns_db_t *db, dns_dbversion_t *version, dns_dbnode_t *node, result = ISC_R_SUCCESS; nosigs = ISC_TRUE; } - check_result(result, "dns_db_findrdataset()"); + if (result != ISC_R_SUCCESS) + fatal("failed while looking for '%s SIG %s': %s", + nametostr(name), typetostr(set->type), + isc_result_totext(result)); vbprintf(1, "%s/%s:\n", nametostr(name), typetostr(set->type)); 
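Review bot: In the macro touched here, `ISC_LIST_APPEND(arraylist, tdata, link)` runs before the `if (trdata == NULL || tdata == NULL) fatal("out of memory");` check, so when the `tdata` allocation fails the list append dereferences the null pointer before the new fatal() can report it. Moving the check up so it sits directly after the `isc_mem_get()` calls, and appending only afterwards, makes the out-of-memory path actually reach fatal(). setverifies() and the macro start outside the hunk, so the `trdata` allocation itself is not visible here.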
@@ -551,7 +570,8 @@ hasnullkey(dns_rdataset_t *rdataset) { dns_rdataset_current(rdataset, &rdata); result = dns_dnssec_keyfromrdata(dns_rootname, &rdata, mctx, &key); - check_result(result, "dns_dnssec_keyfromrdata()"); + if (result != ISC_R_SUCCESS) + fatal("could not convert KEY into internal format"); if (dst_key_isnullkey(key)) found = ISC_TRUE; dst_key_free(key); @@ -560,7 +580,7 @@ hasnullkey(dns_rdataset_t *rdataset) { result = dns_rdataset_next(rdataset); } if (result != ISC_R_NOMORE) - check_result(result, "iteration over keys"); + fatal("failure looking for null keys"); return (ISC_FALSE); } #endif @@ -610,11 +630,11 @@ importparentsig(dns_db_t *db, dns_dbversion_t *version, dns_dbnode_t *node, dns_rdata_init(&newrdata); result = dns_rdataset_first(set); - check_result(result, "dns_rdata_first()"); + check_result(result, "dns_rdataset_first()"); for (; result == ISC_R_SUCCESS; result = dns_rdataset_next(set)) { dns_rdataset_current(set, &rdata); result = dns_rdataset_first(&newset); - check_result(result, "dns_rdata_first()"); + check_result(result, "dns_rdataset_first()"); for (; result == ISC_R_SUCCESS; result = dns_rdataset_next(&newset)) @@ -850,7 +870,10 @@ signname(dns_db_t *db, dns_dbversion_t *version, dns_dbnode_t *node, if (result == ISC_R_NOTFOUND) result = ISC_R_SUCCESS; - check_result(result, "dns_db_findrdataset"); + if (result != ISC_R_SUCCESS) + fatal("failure looking for null key " + "at '%s': %s", nametostr(name), + isc_result_totext(result)); if (dns_rdataset_isassociated(&keyset)) dns_rdataset_disassociate(&keyset); @@ -866,7 +889,8 @@ signname(dns_db_t *db, dns_dbversion_t *version, dns_dbnode_t *node, DNS_KEYTYPE_NOKEY, DNS_KEYPROTO_DNSSEC, mctx, &dstkey); - check_result(result, "dst_key_generate"); + if (result != ISC_R_SUCCESS) + fatal("failed to generate null key"); isc_buffer_init(&b, keydata, sizeof keydata); result = dst_key_todns(dstkey, &b); dst_key_free(dstkey); 
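Review bot: `fatal("could not convert KEY into internal format");` discards the `dns_dnssec_keyfromrdata()` result that the replaced check_result() printed, and the sibling replacements in this file (`failure looking for null keys`, `failed to generate null key`) do the same, so an operator cannot tell a malformed KEY RR from an unsupported algorithm. Appending the result text keeps them as informative as the rest of the commit's messages, e.g. `fatal("could not convert KEY into internal format: %s", isc_result_totext(result));`. hasnullkey() starts outside the hunk.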
@@ -907,7 +931,8 @@ signname(dns_db_t *db, dns_dbversion_t *version, dns_dbnode_t *node, result = dns_rdatasetiter_next(rdsiter); } if (result != ISC_R_NOMORE) - fatal("rdataset iteration failed"); + fatal("rdataset iteration for name '%s' failed: %s", + nametostr(name), isc_result_totext(result)); dns_rdatasetiter_destroy(&rdsiter); } @@ -934,7 +959,8 @@ active_node(dns_db_t *db, dns_dbversion_t *version, dns_dbnode_t *node) { result = ISC_R_NOMORE; } if (result != ISC_R_NOMORE) - fatal("rdataset iteration failed"); + fatal("rdataset iteration failed: %s", + isc_result_totext(result)); dns_rdatasetiter_destroy(&rdsiter); if (!active) { @@ -1023,12 +1049,14 @@ signzone(dns_db_t *db, dns_dbversion_t *version) { dns_rdataset_init(&soaset); result = dns_db_find(db, origin, version, dns_rdatatype_soa, 0, 0, NULL, name, &soaset, NULL); - check_result(result, "dns_db_find"); + if (result != ISC_R_SUCCESS) + fatal("failed to find '%s SOA' in the zone: %s", + nametostr(name), isc_result_totext(result)); result = dns_rdataset_first(&soaset); - check_result(result, "dns_rdataset_first"); + check_result(result, "dns_rdataset_first()"); dns_rdataset_current(&soaset, &soarr); result = dns_rdata_tostruct(&soarr, &soa, mctx); - check_result(result, "dns_rdataset_tostruct"); + check_result(result, "dns_rdataset_tostruct()"); zonettl = soa.minimum; dns_rdata_freestruct(&soa); dns_rdataset_disassociate(&soaset); @@ -1065,7 +1093,8 @@ signzone(dns_db_t *db, dns_dbversion_t *version) { result = dns_rdatasetiter_next(rdsiter); } if (result != ISC_R_SUCCESS && result != ISC_R_NOMORE) - fatal("rdataset iteration failed"); + fatal("rdataset iteration failed: %s", + isc_result_totext(result)); if (result == ISC_R_SUCCESS) { if (lastcut != NULL) dns_name_free(lastcut, mctx); 
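Review bot: The label passed to `check_result(result, "dns_rdataset_tostruct()")` names a function that is not the one called — the preceding line calls `dns_rdata_tostruct()` — so the reported failure points at the wrong API; the same hunk just corrected the neighbouring `dns_rdataset_first()` label, and this one should read `check_result(result, "dns_rdata_tostruct()");`. The new SOA lookup failure message prints `nametostr(name)`, where `name` is the foundname output of `dns_db_find()` and may not hold the origin when the lookup fails; printing the requested origin would be unambiguous, if a name-to-text form of it is available in this scope. signzone() starts and ends outside the hunk.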
@@ -1073,11 +1102,11 @@ signzone(dns_db_t *db, dns_dbversion_t *version) { lastcut = isc_mem_get(mctx, sizeof(dns_name_t)); if (lastcut == NULL) - fatal("allocation failure"); + fatal("out of memory"); } dns_name_init(lastcut, NULL); result = dns_name_dup(curname, mctx, lastcut); - check_result(result, "dns_name_dup"); + check_result(result, "dns_name_dup()"); } dns_rdatasetiter_destroy(&rdsiter); } @@ -1091,7 +1120,8 @@ signzone(dns_db_t *db, dns_dbversion_t *version) { target = origin; else { target = NULL; /* Make compiler happy. */ - fatal("db iteration failed"); + fatal("iterating through the database failed: %s", + isc_result_totext(result)); } nxtresult = dns_buildnxt(db, version, node, target, zonettl); check_result(nxtresult, "dns_buildnxt()"); @@ -1102,7 +1132,8 @@ signzone(dns_db_t *db, dns_dbversion_t *version) { node = nextnode; } if (result != ISC_R_NOMORE) - fatal("db iteration failed"); + fatal("iterating through the database failed: %s", + isc_result_totext(result)); if (lastcut != NULL) { dns_name_free(lastcut, mctx); isc_mem_put(mctx, lastcut, sizeof(dns_name_t)); @@ -1126,7 +1157,9 @@ loadzone(char *file, char *origin, dns_zone_t **zone) { dns_name_init(&name, NULL); result = dns_name_fromtext(&name, &b, dns_rootname, ISC_FALSE, &b2); - check_result(result, "dns_name_fromtext()"); + if (result != ISC_R_SUCCESS) + fatal("failed converting name '%s' to dns format: %s", + origin, isc_result_totext(result)); result = dns_zone_create(zone, mctx); check_result(result, "dns_zone_create()"); @@ -1145,7 +1178,9 @@ loadzone(char *file, char *origin, dns_zone_t **zone) { dns_zone_setclass(*zone, dns_rdataclass_in); /* XXX */ result = dns_zone_load(*zone); - check_result(result, "dns_zone_load()"); + if (result != ISC_R_SUCCESS) + fatal("failed loading zone from '%s': %s", + file, isc_result_totext(result)); } static void 
@@ -1176,20 +1211,24 @@ loadzonekeys(dns_db_t *db, dns_dbversion_t *version) { node = NULL; result = dns_db_findnode(db, origin, ISC_FALSE, &node); - check_result(result, "dns_db_findnode()"); + if (result != ISC_R_SUCCESS) + fatal("failed to find the zone's origin: %s", + isc_result_totext(result)); result = dns_dnssec_findzonekeys(db, version, node, origin, mctx, 20, keys, &nkeys); if (result == ISC_R_NOTFOUND) result = ISC_R_SUCCESS; - check_result(result, "dns_dnssec_findzonekeys()"); + if (result != ISC_R_SUCCESS) + fatal("failed to find the zone keys: %s", + isc_result_totext(result)); for (i = 0; i < nkeys; i++) { signer_key_t *key; key = isc_mem_get(mctx, sizeof(signer_key_t)); if (key == NULL) - check_result(ISC_R_FAILURE, "isc_mem_get(key)"); + fatal("out of memory"); key->key = keys[i]; key->isdefault = ISC_FALSE; @@ -1209,7 +1248,9 @@ dumpzone(dns_zone_t *zone, char *filename) { exit(-1); } result = dns_zone_dumptostream(zone, fp); - check_result(result, "dns_zone_dump"); + if (result != ISC_R_SUCCESS) + fatal("failed to write new database to '%s': %s", + filename, isc_result_totext(result)); fclose(fp); } @@ -1229,10 +1270,11 @@ strtotime(char *str, isc_int64_t now, isc_int64_t base) { } else { result = dns_time64_fromtext(str, &val); - check_result(result, "dns_time64_fromtext()"); + if (result != ISC_R_SUCCESS) + fatal("time %s must be numeric", str); } if (*endp != '\0') - check_result(ISC_R_FAILURE, "strtol()"); + fatal("time value %s is invalid", str); return ((isc_stdtime_t) val); } @@ -1324,7 +1366,8 @@ main(int argc, char *argv[]) { dns_result_register(); result = isc_mem_create(0, 0, &mctx); - check_result(result, "isc_mem_create()"); + if (result != ISC_R_SUCCESS) + fatal("out of memory"); while ((ch = isc_commandline_parse(argc, argv, "s:e:c:v:o:f:ah")) != -1) { 
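Review bot: A failed `dns_zone_dumptostream()` now reaches `fatal("failed to write new database to '%s': %s", ...)` with a half-written file left at `filename`, so a truncated signed zone can remain on disk and be loaded by whatever consumes the output next. Deleting the partial file before exiting (e.g. `unlink(filename)` ahead of the fatal() call), or dumping to a temporary name and renaming only on success, avoids that. The error path ending in `exit(-1)` just above (its start is outside the hunk) also exits with a different status than fatal()'s `exit(1)`. dumpzone() begins outside the hunk.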
@@ -1333,46 +1376,42 @@ main(int argc, char *argv[]) { startstr = isc_mem_strdup(mctx, isc_commandline_argument); if (startstr == NULL) - check_result(ISC_R_FAILURE, - "isc_mem_strdup()"); + fatal("out of memory"); break; case 'e': endstr = isc_mem_strdup(mctx, isc_commandline_argument); if (endstr == NULL) - check_result(ISC_R_FAILURE, - "isc_mem_strdup()"); + fatal("out of memory"); break; case 'c': endp = NULL; cycle = strtol(isc_commandline_argument, &endp, 0); if (*endp != '\0') - check_result(ISC_R_FAILURE, "strtol()"); + fatal("cycle period must be numeric"); break; case 'v': endp = NULL; verbose = strtol(isc_commandline_argument, &endp, 0); if (*endp != '\0') - check_result(ISC_R_FAILURE, "strtol()"); + fatal("verbose level must be numeric"); break; case 'o': origin = isc_mem_strdup(mctx, isc_commandline_argument); if (origin == NULL) - check_result(ISC_R_FAILURE, - "isc_mem_strdup()"); + fatal("out of memory"); break; case 'f': output = isc_mem_strdup(mctx, isc_commandline_argument); if (output == NULL) - check_result(ISC_R_FAILURE, - "isc_mem_strdup()"); + fatal("out of memory"); break; case 'a': @@ -1431,7 +1470,7 @@ main(int argc, char *argv[]) { file = isc_mem_strdup(mctx, argv[0]); if (file == NULL) - check_result(ISC_R_FAILURE, "isc_mem_strdup()"); + fatal("out of memory"); argc -= 1; argv += 1; @@ -1440,14 +1479,14 @@ main(int argc, char *argv[]) { output = isc_mem_allocate(mctx, strlen(file) + strlen(".signed") + 1); if (output == NULL) - check_result(ISC_R_FAILURE, "isc_mem_allocate()"); + fatal("out of memory"); sprintf(output, "%s.signed", file); } if (origin == NULL) { origin = isc_mem_allocate(mctx, strlen(file) + 2); if (origin == NULL) - check_result(ISC_R_FAILURE, "isc_mem_allocate()"); + fatal("out of memory"); strcpy(origin, file); if (file[strlen(file) - 1] != '.') strcat(origin, "."); 
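Review bot: The default-origin code beside the new `fatal("out of memory")` indexes `file[strlen(file) - 1]`, which for an empty zone file name reads `file[(size_t)-1]`, well outside the string; `file` is taken straight from the command line, so the empty case is reachable. A check such as `if (*file == '\0') fatal("zone file name is empty");` right after `file` is duplicated closes that hole. main() continues outside the hunk.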
@@ -1496,9 +1535,12 @@ main(int argc, char *argv[]) { { key->isdefault = ISC_TRUE; if (!dst_key_isprivate(dkey)) - check_result - (DST_R_NOTPRIVATEKEY, - "key specify"); + fatal("cannot sign zone with " + "non-private key " + "'%s/%s/%d'", + dst_key_name(dkey), + algtostr(dst_key_alg(dkey)), + dst_key_id(dkey)); break; } key = ISC_LIST_NEXT(key, link); @@ -1508,11 +1550,14 @@ main(int argc, char *argv[]) { result = dst_key_fromfile(namestr, id, alg, DST_TYPE_PRIVATE, mctx, &dkey); - check_result (result, "dst_key_fromfile"); + if (result != ISC_R_SUCCESS) + fatal("failed to load key '%s/%s/%d' " + "from disk: %s", namestr, + algtostr(alg), id, + isc_result_totext(result)); key = isc_mem_get(mctx, sizeof(signer_key_t)); if (key == NULL) - check_result(ISC_R_FAILURE, - "isc_mem_get"); + fatal("out of memory"); key->key = dkey; key->isdefault = ISC_TRUE; ISC_LIST_APPEND(keylist, key, link);