diff --git a/lib/dns/zone.c b/lib/dns/zone.c index 34095c0db4..4428e3d000 100644 --- a/lib/dns/zone.c +++ b/lib/dns/zone.c @@ -18046,8 +18046,11 @@ got_transfer_quota(isc_task_t *task, isc_event_t *event) { INSIST(task == zone->task); + isc_event_free(&event); + if (DNS_ZONE_FLAG(zone, DNS_ZONEFLG_EXITING)) { - CHECK(ISC_R_CANCELED); + zone_xfrdone(zone, ISC_R_CANCELED); + return; } TIME_NOW(&now); @@ -18061,7 +18064,8 @@ got_transfer_quota(isc_task_t *task, isc_event_t *event) { "got_transfer_quota: skipping zone transfer as " "primary %s (source %s) is unreachable (cached)", primary, source); - CHECK(ISC_R_CANCELED); + zone_xfrdone(zone, ISC_R_CANCELED); + return; } isc_netaddr_fromsockaddr(&primaryip, &zone->primaryaddr); @@ -18141,11 +18145,11 @@ got_transfer_quota(isc_task_t *task, isc_event_t *event) { dns_name_t *keyname = zone->primarykeynames[zone->curprimary]; result = dns_view_gettsig(view, keyname, &zone->tsigkey); } - if (zone->tsigkey == NULL) { + if (result != ISC_R_SUCCESS) { + INSIST(zone->tsigkey == NULL); result = dns_view_getpeertsig(zone->view, &primaryip, &zone->tsigkey); } - if (result != ISC_R_SUCCESS && result != ISC_R_NOTFOUND) { dns_zone_logc(zone, DNS_LOGCATEGORY_XFER_IN, ISC_LOG_ERROR, "could not get TSIG key for zone transfer: %s", @@ -18153,10 +18157,8 @@ got_transfer_quota(isc_task_t *task, isc_event_t *event) { } /* - * Get the TLS transport for the primary, if configured + * Get the TLS transport for the primary, if configured. */ - result = ISC_R_NOTFOUND; - if ((zone->primarytlsnames != NULL) && (zone->primarytlsnames[zone->curprimary] != NULL)) { @@ -18164,17 +18166,13 @@ got_transfer_quota(isc_task_t *task, isc_event_t *event) { dns_name_t *tlsname = zone->primarytlsnames[zone->curprimary]; result = dns_view_gettransport(view, DNS_TRANSPORT_TLS, tlsname, &zone->transport); - - dns_zone_logc(zone, DNS_LOGCATEGORY_XFER_IN, ISC_LOG_INFO, - "got TLS configuration for zone transfer: %s", - isc_result_totext(result)); - } - - if (result != ISC_R_SUCCESS && result != ISC_R_NOTFOUND) { - dns_zone_logc( - zone, DNS_LOGCATEGORY_XFER_IN, ISC_LOG_ERROR, - "could not get TLS configuration for zone transfer: %s", - isc_result_totext(result)); + if (result != ISC_R_SUCCESS && result != ISC_R_NOTFOUND) { + dns_zone_logc(zone, DNS_LOGCATEGORY_XFER_IN, + ISC_LOG_ERROR, + "could not get TLS configuration for " + "zone transfer: %s", + isc_result_totext(result)); + } } LOCK_ZONE(zone); @@ -18189,13 +18187,23 @@ got_transfer_quota(isc_task_t *task, isc_event_t *event) { zmgr_tlsctx_attach(zone->zmgr, &zmgr_tlsctx_cache); - CHECK(dns_xfrin_create(zone, xfrtype, &primaryaddr, &sourceaddr, - zone->tsigkey, zone->transport, - zmgr_tlsctx_cache, zone->mctx, - zone->zmgr->netmgr, zone_xfrdone, &zone->xfr)); + result = dns_xfrin_create(zone, xfrtype, &primaryaddr, &sourceaddr, + zone->tsigkey, zone->transport, + zmgr_tlsctx_cache, zone->mctx, + zone->zmgr->netmgr, zone_xfrdone, &zone->xfr); isc_tlsctx_cache_detach(&zmgr_tlsctx_cache); + /* + * Any failure in this function is handled like a failed + * zone transfer. This ensures that we get removed from + * zmgr->xfrin_in_progress. + */ + if (result != ISC_R_SUCCESS) { + zone_xfrdone(zone, result); + return; + } + LOCK_ZONE(zone); if (xfrtype == dns_rdatatype_axfr) { if (isc_sockaddr_pf(&primaryaddr) == PF_INET) { @@ -18211,22 +18219,6 @@ got_transfer_quota(isc_task_t *task, isc_event_t *event) { } } UNLOCK_ZONE(zone); - -failure: - /* - * Any failure in this function is handled like a failed - * zone transfer. This ensures that we get removed from - * zmgr->xfrin_in_progress. - */ - if (result != ISC_R_SUCCESS) { - zone_xfrdone(zone, result); - } - - if (zmgr_tlsctx_cache != NULL) { - isc_tlsctx_cache_detach(&zmgr_tlsctx_cache); - } - - isc_event_free(&event); } /*