From aa232396eeb4b4f89ec47cbefcb4b41698055ea9 Mon Sep 17 00:00:00 2001 From: Mukund Sivaraman Date: Tue, 10 Jun 2014 19:18:34 +0530 Subject: [PATCH] [24702] Include key filename in logged message Squashed commit of the following: commit 593e6bc7e29938ff5c2f7508bde303fb069a97a9 Author: Mukund Sivaraman Date: Tue Jun 10 19:17:40 2014 +0530 Increase size of filename buffers commit b8685678e026ba98b8833e26664193b6345eb00e Author: Evan Hunt Date: Wed Jun 4 18:57:44 2014 -0700 [rt24702] some tweaks during review commit adfbc8f808716c63e9e097d92beef104527e5c6f Author: Mukund Sivaraman Date: Wed Jun 4 18:18:35 2014 +0530 [24702] Include key filename in logged message commit f1eff77e7e3704b145c3d65101a735467dd81dc3 Author: Mukund Sivaraman Date: Wed Jun 4 18:12:43 2014 +0530 Add dst_key_getfilename() --- lib/dns/dnssec.c | 76 ++++++++++++++++++++++++++----------- lib/dns/dst_api.c | 65 ++++++++++++++++++++++--------- lib/dns/include/dst/dst.h | 25 +++++++++++- lib/dns/win32/libdns.def.in | 1 + 4 files changed, 126 insertions(+), 41 deletions(-) diff --git a/lib/dns/dnssec.c b/lib/dns/dnssec.c index 86365225d0..2b3db8f899 100644 --- a/lib/dns/dnssec.c +++ b/lib/dns/dnssec.c @@ -15,10 +15,6 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* - * $Id$ - */ - /*! \file */ #include 
@@ -739,18 +735,36 @@ dns_dnssec_findzonekeys2(dns_db_t *db, dns_dbversion_t *ver, } if (result != ISC_R_SUCCESS) { - char keybuf[DNS_NAME_FORMATSIZE]; - char algbuf[DNS_SECALG_FORMATSIZE]; - dns_name_format(dst_key_name(pubkey), keybuf, - sizeof(keybuf)); - dns_secalg_format(dst_key_alg(pubkey), algbuf, - sizeof(algbuf)); + char filename[ISC_DIR_NAMEMAX]; + isc_result_t result2; + isc_buffer_t buf; + + isc_buffer_init(&buf, filename, ISC_DIR_NAMEMAX); + result2 = dst_key_getfilename(dst_key_name(pubkey), + dst_key_id(pubkey), + dst_key_alg(pubkey), + (DST_TYPE_PUBLIC | + DST_TYPE_PRIVATE), + directory, mctx, + &buf); + if (result2 != ISC_R_SUCCESS) { + char namebuf[DNS_NAME_FORMATSIZE]; + char algbuf[DNS_SECALG_FORMATSIZE]; + + dns_name_format(dst_key_name(pubkey), + namebuf, sizeof(namebuf)); + dns_secalg_format(dst_key_alg(pubkey), + algbuf, sizeof(algbuf)); + snprintf(filename, sizeof(filename) - 1, + "key file for %s/%s/%d", + namebuf, algbuf, dst_key_id(pubkey)); + } + isc_log_write(dns_lctx, DNS_LOGCATEGORY_GENERAL, DNS_LOGMODULE_DNSSEC, ISC_LOG_WARNING, "dns_dnssec_findzonekeys2: error " - "reading private key file %s/%s/%d: %s", - keybuf, algbuf, dst_key_id(pubkey), - isc_result_totext(result)); + "reading %s: %s", + filename, isc_result_totext(result)); } if (result == ISC_R_FILENOTFOUND || result == ISC_R_NOPERM) { 
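Review bot: The new filename-building block (from `char filename[ISC_DIR_NAMEMAX];` through the fallback `snprintf`) is duplicated verbatim in the dns_dnssec_keylistfromrdataset hunk that follows, so any later fix to the fallback format or the type flags has to be made twice; it belongs in one static helper that both warning sites call. Two smaller points in the same lines: `snprintf(filename, sizeof(filename) - 1, ...)` gives away a byte for nothing, since snprintf already NUL-terminates within the size it is given, and `isc_buffer_init(&buf, filename, ISC_DIR_NAMEMAX)` should use `sizeof(filename)` so the two stay in step if the array is resized again. The old message said "private key file"; with `DST_TYPE_PUBLIC | DST_TYPE_PRIVATE` passed to dst_key_getfilename, which suffix ends up in the logged path depends on how buildfilename treats the combined type, which is not visible here, so it is worth checking that the message still names the file that actually failed to load. Both enclosing functions start outside the hunk.
```c
/*
 * Build the on-disk name of pubkey's key file into 'filename' for use in a
 * log message; if the name cannot be built, fall back to a descriptive
 * "key file for <name>/<alg>/<id>" string instead.
 */
static void
keyfile_for_log(dst_key_t *pubkey, const char *directory, isc_mem_t *mctx,
		char *filename, unsigned int filenamelen)
{
	isc_buffer_t buf;
	isc_result_t result;

	isc_buffer_init(&buf, filename, filenamelen);
	result = dst_key_getfilename(dst_key_name(pubkey), dst_key_id(pubkey),
				     dst_key_alg(pubkey),
				     (DST_TYPE_PUBLIC | DST_TYPE_PRIVATE),
				     directory, mctx, &buf);
	if (result != ISC_R_SUCCESS) {
		char namebuf[DNS_NAME_FORMATSIZE];
		char algbuf[DNS_SECALG_FORMATSIZE];

		dns_name_format(dst_key_name(pubkey), namebuf, sizeof(namebuf));
		dns_secalg_format(dst_key_alg(pubkey), algbuf, sizeof(algbuf));
		/* snprintf NUL-terminates within filenamelen; no "- 1" needed */
		snprintf(filename, filenamelen, "key file for %s/%s/%d",
			 namebuf, algbuf, dst_key_id(pubkey));
	}
}

/* … unchanged: dns_dnssec_findzonekeys2 up to the failed-read branch … */
		if (result != ISC_R_SUCCESS) {
			char filename[ISC_DIR_NAMEMAX];

			keyfile_for_log(pubkey, directory, mctx,
					filename, sizeof(filename));
			isc_log_write(dns_lctx, DNS_LOGCATEGORY_GENERAL,
				      DNS_LOGMODULE_DNSSEC, ISC_LOG_WARNING,
				      "dns_dnssec_findzonekeys2: error "
				      "reading %s: %s",
				      filename, isc_result_totext(result));
		}
```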
@@ -1597,18 +1611,36 @@ dns_dnssec_keylistfromrdataset(dns_name_t *origin, } if (result != ISC_R_SUCCESS) { - char keybuf[DNS_NAME_FORMATSIZE]; - char algbuf[DNS_SECALG_FORMATSIZE]; - dns_name_format(dst_key_name(pubkey), keybuf, - sizeof(keybuf)); - dns_secalg_format(dst_key_alg(pubkey), algbuf, - sizeof(algbuf)); + char filename[ISC_DIR_NAMEMAX]; + isc_result_t result2; + isc_buffer_t buf; + + isc_buffer_init(&buf, filename, ISC_DIR_NAMEMAX); + result2 = dst_key_getfilename(dst_key_name(pubkey), + dst_key_id(pubkey), + dst_key_alg(pubkey), + (DST_TYPE_PUBLIC | + DST_TYPE_PRIVATE), + directory, mctx, + &buf); + if (result2 != ISC_R_SUCCESS) { + char namebuf[DNS_NAME_FORMATSIZE]; + char algbuf[DNS_SECALG_FORMATSIZE]; + + dns_name_format(dst_key_name(pubkey), + namebuf, sizeof(namebuf)); + dns_secalg_format(dst_key_alg(pubkey), + algbuf, sizeof(algbuf)); + snprintf(filename, sizeof(filename) - 1, + "key file for %s/%s/%d", + namebuf, algbuf, dst_key_id(pubkey)); + } + isc_log_write(dns_lctx, DNS_LOGCATEGORY_GENERAL, DNS_LOGMODULE_DNSSEC, ISC_LOG_WARNING, "dns_dnssec_keylistfromrdataset: error " - "reading private key file %s/%s/%d: %s", - keybuf, algbuf, dst_key_id(pubkey), - isc_result_totext(result)); + "reading %s: %s", + filename, isc_result_totext(result)); } if (result == ISC_R_FILENOTFOUND || result == ISC_R_NOPERM) { diff --git a/lib/dns/dst_api.c b/lib/dns/dst_api.c index 4e662ca8af..4fd70e2289 100644 --- a/lib/dns/dst_api.c +++ b/lib/dns/dst_api.c 
@@ -504,15 +504,41 @@ dst_key_isexternal(dst_key_t *key) { return (key->external); } +isc_result_t +dst_key_getfilename(dns_name_t *name, dns_keytag_t id, + unsigned int alg, int type, const char *directory, + isc_mem_t *mctx, isc_buffer_t *buf) +{ + isc_result_t result; + + REQUIRE(dst_initialized == ISC_TRUE); + REQUIRE(dns_name_isabsolute(name)); + REQUIRE((type & (DST_TYPE_PRIVATE | DST_TYPE_PUBLIC)) != 0); + REQUIRE(mctx != NULL); + REQUIRE(buf != NULL); + + CHECKALG(alg); + + result = buildfilename(name, id, alg, type, directory, buf); + if (result == ISC_R_SUCCESS) { + if (isc_buffer_availablelength(buf) > 0) + isc_buffer_putuint8(buf, 0); + else + result = ISC_R_NOSPACE; + } + + return (result); +} + isc_result_t dst_key_fromfile(dns_name_t *name, dns_keytag_t id, unsigned int alg, int type, const char *directory, isc_mem_t *mctx, dst_key_t **keyp) { - char filename[ISC_DIR_NAMEMAX]; - isc_buffer_t b; - dst_key_t *key; isc_result_t result; + char filename[ISC_DIR_NAMEMAX]; + isc_buffer_t buf; + dst_key_t *key; REQUIRE(dst_initialized == ISC_TRUE); REQUIRE(dns_name_isabsolute(name)); 
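Review bot: In the new dst_key_getfilename the `mctx` parameter is never used after `REQUIRE(mctx != NULL);`, so the assertion only serves to reject callers that have no memory context to hand, while the function itself allocates nothing. Since the function is new and its signature is not yet frozen, either drop the parameter or, if it is kept to mirror dst_key_fromfile, replace the REQUIRE with `UNUSED(mctx);` (assuming the usual ISC macro is available in this file) and say in the header that it is reserved. The NUL-termination logic is right, but it deserves a one-line comment such as `/* buildfilename does not terminate; add the NUL and fail if it does not fit */` above the `if (result == ISC_R_SUCCESS)` block, because ISC_R_NOSPACE from a function that has nominally succeeded is otherwise surprising. The dst_key_fromfile changes at the end of the hunk continue into the next hunk.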
@@ -522,30 +548,35 @@ dst_key_fromfile(dns_name_t *name, dns_keytag_t id, CHECKALG(alg); - isc_buffer_init(&b, filename, sizeof(filename)); - result = buildfilename(name, id, alg, type, directory, &b); - if (result != ISC_R_SUCCESS) - return (result); - key = NULL; - result = dst_key_fromnamedfile(filename, NULL, type, mctx, &key); + + isc_buffer_init(&buf, filename, ISC_DIR_NAMEMAX); + result = dst_key_getfilename(name, id, alg, type, NULL, mctx, &buf); if (result != ISC_R_SUCCESS) - return (result); + goto out; + + result = dst_key_fromnamedfile(filename, directory, type, mctx, &key); + if (result != ISC_R_SUCCESS) + goto out; result = computeid(key); - if (result != ISC_R_SUCCESS) { - dst_key_free(&key); - return (result); - } + if (result != ISC_R_SUCCESS) + goto out; if (!dns_name_equal(name, key->key_name) || id != key->key_id || alg != key->key_alg) { - dst_key_free(&key); - return (DST_R_INVALIDPRIVATEKEY); + result = DST_R_INVALIDPRIVATEKEY; + goto out; } *keyp = key; - return (ISC_R_SUCCESS); + result = ISC_R_SUCCESS; + + out: + if ((key != NULL) && (result != ISC_R_SUCCESS)) + dst_key_free(&key); + + return (result); } isc_result_t diff --git a/lib/dns/include/dst/dst.h b/lib/dns/include/dst/dst.h index 805f8c07b0..080b405480 100644 --- a/lib/dns/include/dst/dst.h +++ b/lib/dns/include/dst/dst.h @@ -15,8 +15,6 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: dst.h,v 1.34 2011/10/20 21:20:02 marka Exp $ */ - #ifndef DST_DST_H #define DST_DST_H 1 
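Review bot: The rewritten dst_key_fromfile now builds the name with `directory` set to NULL and instead hands `directory` to dst_key_fromnamedfile, whereas before the directory was folded into the filename by buildfilename; whether dst_key_fromnamedfile joins the two exactly as buildfilename did (relative paths, trailing slash) is not visible here and should be confirmed, especially since the dnssec.c callers still pass `directory` to dst_key_getfilename for the logged path, so the loaded file and the logged file could differ. `isc_buffer_init(&buf, filename, ISC_DIR_NAMEMAX);` should be `isc_buffer_init(&buf, filename, sizeof(filename));` so the buffer length cannot drift from the array. The goto cleanup is correct because `key = NULL;` precedes the first jump, but the `out:` label is indented by one column unlike the other labels in this file, which clang-format or a reviewer will flag. The function's opening lines are in the previous hunk.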
@@ -301,6 +299,29 @@ dst_key_computesecret(const dst_key_t *pub, const dst_key_t *priv, * \li If successful, secret will contain the derived shared secret. */ +isc_result_t +dst_key_getfilename(dns_name_t *name, dns_keytag_t id, unsigned int alg, + int type, const char *directory, + isc_mem_t *mctx, isc_buffer_t *buf); +/*%< + * Generates a key filename for the name, algorithm, and + * id, and places it in the buffer 'buf'. If directory is NULL, the + * current directory is assumed. + * + * Requires: + * \li "name" is a valid absolute dns name. + * \li "id" is a valid key tag identifier. + * \li "alg" is a supported key algorithm. + * \li "type" is DST_TYPE_PUBLIC, DST_TYPE_PRIVATE, or the bitwise union. + * DST_TYPE_KEY look for a KEY record otherwise DNSKEY + * \li "mctx" is a valid memory context. + * \li "buf" is not NULL. + * + * Returns: + * \li ISC_R_SUCCESS + * \li any other result indicates failure + */ + isc_result_t dst_key_fromfile(dns_name_t *name, dns_keytag_t id, unsigned int alg, int type, const char *directory, isc_mem_t *mctx, dst_key_t **keyp); diff --git a/lib/dns/win32/libdns.def.in b/lib/dns/win32/libdns.def.in index b3b71d30f9..838b403e4f 100644 --- a/lib/dns/win32/libdns.def.in +++ b/lib/dns/win32/libdns.def.in @@ -1109,6 +1109,7 @@ dst_key_fromlabel dst_key_fromnamedfile dst_key_generate dst_key_generate2 +dst_key_getfilename dst_key_getprivateformat dst_key_gettime dst_key_getttl
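Review bot: The new dst_key_getfilename comment does not say that the name written to `buf` is NUL-terminated, nor that the terminator goes in through isc_buffer_putuint8 and is therefore counted in the buffer's used length, nor that ISC_R_NOSPACE is returned when there is no room for it; callers that take the used length as the string length will be off by one. Add under Returns: `\li ISC_R_NOSPACE if 'buf' cannot hold the name plus its terminating NUL` and a sentence in the description: "On success the name in 'buf' is NUL-terminated and the terminator is included in the buffer's used region." The line `DST_TYPE_KEY look for a KEY record otherwise DNSKEY` reads as carried over from the dst_key_fromfile comment; as far as the new implementation shows, DST_TYPE_KEY does not affect the generated name, so it should be dropped or reworded. If `mctx` is kept in the signature, the Requires entry should say it is currently unused rather than "a valid memory context".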