Change the zoneverify.c to print the information to user supplied function

The lib/dns/zoneverify.c output was hardwired to stderr, which was inconsistent with lib/dns/dnssec.c. This commit changes zoneverify.c to print the normal run information to caller supplied function - same model as in the lib/dns/dnssec.c.
2025-08-30 05:57:52 +00:00 · 2019-07-21 08:07:20 -04:00 · 2019-07-21 08:07:20 -04:00 · ced15edea1
commit ced15edea1
parent 90f4c1c5a2
5 changed files with 49 additions and 57 deletions
--- a/bin/dnssec/dnssec-signzone.c
+++ b/bin/dnssec/dnssec-signzone.c
@ -3883,7 +3883,7 @@ main(int argc, char *argv[]) {
 	} else {
 		vresult = dns_zoneverify_dnssec(NULL, gdb, gversion, gorigin,
 						NULL, mctx, ignore_kskflag,
-						keyset_kskonly);
+						keyset_kskonly, report);
 		if (vresult != ISC_R_SUCCESS) {
 			fprintf(output_stdout ? stderr : stdout,
 				"Zone verification failed (%s)\n",
--- a/bin/dnssec/dnssec-verify.c
+++ b/bin/dnssec/dnssec-verify.c
@ -78,6 +78,15 @@ static dns_name_t *gorigin;		/* The database origin */
 static bool ignore_kskflag = false;
 static bool keyset_kskonly = false;
 static void
 report(const char *format, ...) {
 	va_list args;
 	va_start(args, format);
 	vfprintf(stdout, format, args);
 	va_end(args);
 	putc('\n', stdout);
 }
 /*%
 * Load the zone file from disk
 */
@ -304,7 +313,7 @@ main(int argc, char *argv[]) {
 	}
 	gdb = NULL;
-	fprintf(stderr, "Loading zone '%s' from file '%s'\n", origin, file);
+	report("Loading zone '%s' from file '%s'\n", origin, file);
 	loadzone(file, origin, rdclass, &gdb);
 	gorigin = dns_db_origin(gdb);
 	gclass = dns_db_class(gdb);
@ -314,7 +323,8 @@ main(int argc, char *argv[]) {
 	check_result(result, "dns_db_newversion()");
 	result = dns_zoneverify_dnssec(NULL, gdb, gversion, gorigin, NULL,
-				       mctx, ignore_kskflag, keyset_kskonly);
+				       mctx, ignore_kskflag, keyset_kskonly,
 				       report);
 	dns_db_closeversion(gdb, &gversion, false);
 	dns_db_detach(&gdb);
--- a/lib/dns/include/dns/zoneverify.h
+++ b/lib/dns/include/dns/zoneverify.h
@ -43,6 +43,7 @@ isc_result_t
 dns_zoneverify_dnssec(dns_zone_t *zone, dns_db_t *db, dns_dbversion_t *ver,
 		      dns_name_t *origin, dns_keytable_t *secroots,
 		      isc_mem_t *mctx, bool ignore_kskflag,
-		      bool keyset_kskonly);
+		      bool keyset_kskonly,
 		      void (*report)(const char *, ...));
 ISC_LANG_ENDDECLS
--- a/lib/dns/zone.c
+++ b/lib/dns/zone.c
@ -19881,7 +19881,7 @@ dns_zone_verifydb(dns_zone_t *zone, dns_db_t *db, dns_dbversion_t *ver) {
 	origin = dns_db_origin(db);
 	result = dns_zoneverify_dnssec(zone, db, version, origin, secroots,
-				       zone->mctx, true, false);
+				       zone->mctx, true, false, dnssec_report);
 done:
 	if (secroots != NULL) {
--- a/lib/dns/zoneverify.c
+++ b/lib/dns/zoneverify.c
@ -116,23 +116,6 @@ zoneverify_log_error(const vctx_t *vctx, const char *fmt, ...) {
 	va_end(ap);
 }
 /*%
 * If invoked from a standalone tool, print a message described by 'fmt' and
 * the variable arguments following it to stderr.
 */
 static void
 zoneverify_print(const vctx_t *vctx, const char *fmt, ...) {
 	va_list ap;
 	if (vctx->zone != NULL) {
 		return;
 	}
 	va_start(ap, fmt);
 	vfprintf(stderr, fmt, ap);
 	va_end(ap);
 }
 static bool
 is_delegation(const vctx_t *vctx, const dns_name_t *name, dns_dbnode_t *node,
 	      uint32_t *ttlp)
@ -1679,13 +1662,13 @@ check_dnskey(vctx_t *vctx) {
 static void
 determine_active_algorithms(vctx_t *vctx, bool ignore_kskflag,
-			    bool keyset_kskonly)
+			    bool keyset_kskonly,
 			    void (*report)(const char *, ...))
 {
 	char algbuf[DNS_SECALG_FORMATSIZE];
 	int i;
-	zoneverify_print(vctx,
+	report("Verifying the zone using the following algorithms:");
 			 "Verifying the zone using the following algorithms:");
 	for (i = 0; i < 256; i++) {
 		if (ignore_kskflag) {
@ -1698,10 +1681,10 @@ determine_active_algorithms(vctx_t *vctx, bool ignore_kskflag,
 		}
 		if (vctx->act_algorithms[i] != 0) {
 			dns_secalg_format(i, algbuf, sizeof(algbuf));
-			zoneverify_print(vctx, " %s", algbuf);
+			report(" %s", algbuf);
 		}
 	}
-	zoneverify_print(vctx, ".\n");
+	report(".\n");
 	if (ignore_kskflag || keyset_kskonly) {
 		return;
@ -1930,7 +1913,7 @@ verify_nodes(vctx_t *vctx, isc_result_t *vresult) {
 }
 static isc_result_t
-check_bad_algorithms(const vctx_t *vctx) {
+check_bad_algorithms(const vctx_t *vctx, void (*report)(const char *, ...)) {
 	char algbuf[DNS_SECALG_FORMATSIZE];
 	bool first = true;
 	int i;
@ -1940,28 +1923,27 @@ check_bad_algorithms(const vctx_t *vctx) {
 			continue;
 		}
 		if (first) {
-			zoneverify_print(vctx,
+			report("The zone is not fully signed "
-					 "The zone is not fully signed for "
+			       "for the following algorithms:");
 					 "the following algorithms:");
 		}
 		dns_secalg_format(i, algbuf, sizeof(algbuf));
-		zoneverify_print(vctx, " %s", algbuf);
+		report(" %s", algbuf);
 		first = false;
 	}
 	if (!first) {
-		zoneverify_print(vctx, ".\n");
+		report(".\n");
 	}
 	return (first ? ISC_R_SUCCESS : ISC_R_FAILURE);
 }
 static void
-print_summary(const vctx_t *vctx, bool keyset_kskonly) {
+print_summary(const vctx_t *vctx, bool keyset_kskonly, void (*report)(const char *, ...)) {
 	char algbuf[DNS_SECALG_FORMATSIZE];
 	int i;
-	zoneverify_print(vctx, "Zone fully signed:\n");
+	report("Zone fully signed:\n");
 	for (i = 0; i < 256; i++) {
 		if ((vctx->ksk_algorithms[i] == 0) &&
 		    (vctx->standby_ksk[i] == 0) &&
@ -1973,20 +1955,18 @@ print_summary(const vctx_t *vctx, bool keyset_kskonly) {
 			continue;
 		}
 		dns_secalg_format(i, algbuf, sizeof(algbuf));
-		zoneverify_print(vctx,
+		report("Algorithm: %s: KSKs: "
-				 "Algorithm: %s: KSKs: "
+		       "%u active, %u stand-by, %u revoked\n",
-				 "%u active, %u stand-by, %u revoked\n",
+		       algbuf, vctx->ksk_algorithms[i],
-				 algbuf, vctx->ksk_algorithms[i],
+		       vctx->standby_ksk[i],
-				 vctx->standby_ksk[i],
+		       vctx->revoked_ksk[i]);
-				 vctx->revoked_ksk[i]);
+		report("%*sZSKs: "
-		zoneverify_print(vctx,
+		       "%u active, %u %s, %u revoked\n",
-				 "%*sZSKs: "
+		       (int)strlen(algbuf) + 13, "",
-				 "%u active, %u %s, %u revoked\n",
+		       vctx->zsk_algorithms[i],
-				 (int)strlen(algbuf) + 13, "",
+		       vctx->standby_zsk[i],
-				 vctx->zsk_algorithms[i],
+		       keyset_kskonly ? "present" : "stand-by",
-				 vctx->standby_zsk[i],
+		       vctx->revoked_zsk[i]);
 				 keyset_kskonly ? "present" : "stand-by",
 				 vctx->revoked_zsk[i]);
 	}
 }
@ -1994,7 +1974,8 @@ isc_result_t
 dns_zoneverify_dnssec(dns_zone_t *zone, dns_db_t *db, dns_dbversion_t *ver,
 		      dns_name_t *origin, dns_keytable_t *secroots,
 		      isc_mem_t *mctx, bool ignore_kskflag,
-		      bool keyset_kskonly)
+		      bool keyset_kskonly,
 		      void (*report)(const char *, ...))
 {
 	const char *keydesc = (secroots == NULL ? "self-signed" : "trusted");
 	isc_result_t result, vresult = ISC_R_UNSET;
@ -2028,7 +2009,8 @@ dns_zoneverify_dnssec(dns_zone_t *zone, dns_db_t *db, dns_dbversion_t *ver,
 		goto done;
 	}
-	determine_active_algorithms(&vctx, ignore_kskflag, keyset_kskonly);
+	determine_active_algorithms(&vctx, ignore_kskflag, keyset_kskonly,
 				    report);
 	result = verify_nodes(&vctx, &vresult);
 	if (result != ISC_R_SUCCESS) {
@ -2043,22 +2025,21 @@ dns_zoneverify_dnssec(dns_zone_t *zone, dns_db_t *db, dns_dbversion_t *ver,
 		vresult = result;
 	}
-	result = check_bad_algorithms(&vctx);
+	result = check_bad_algorithms(&vctx, report);
 	if (result != ISC_R_SUCCESS) {
-		zoneverify_print(&vctx, "DNSSEC completeness test failed.\n");
+		report("DNSSEC completeness test failed.\n");
 		goto done;
 	}
 	result = vresult;
 	if (result != ISC_R_SUCCESS) {
-		zoneverify_print(&vctx,
+		report("DNSSEC completeness test failed (%s).\n",
-				 "DNSSEC completeness test failed (%s).\n",
+		       dns_result_totext(result));
 				 dns_result_totext(result));
 		goto done;
 	}
 	if (vctx.goodksk || ignore_kskflag) {
-		print_summary(&vctx, keyset_kskonly);
+		print_summary(&vctx, keyset_kskonly, report);
 	}
 done: