#define CHECK_LOCAL 1
#endif /* ifndef CHECK_LOCAL */
-#define CHECK(r) \
- do { \
- result = (r); \
- if (result != ISC_R_SUCCESS) \
- goto cleanup; \
- } while (0)
-
#define ERR_IS_CNAME 1
#define ERR_NO_ADDRESSES 2
#define ERR_LOOKUP_FAILURE 3
#include "check-tool.h"
-#define CHECK(r) \
- do { \
- result = (r); \
- if (result != ISC_R_SUCCESS) \
- goto cleanup; \
- } while (0)
-
/*% usage */
ISC_NORETURN static void
usage(void);
#include <irs/resconf.h>
-#define CHECK(r) \
- do { \
- result = (r); \
- if (result != ISC_R_SUCCESS) \
- goto cleanup; \
- } while (0)
-
#define MAXNAME (DNS_NAME_MAXTEXT + 1)
#define MAX_QUERIES 50
#define READLINE(lex, opt, token)
-#define NEXTTOKEN(lex, opt, token) \
- { \
- ret = isc_lex_gettoken(lex, opt, token); \
- if (ret != ISC_R_SUCCESS) \
- goto cleanup; \
- }
-
-#define BADTOKEN() \
- { \
- ret = ISC_R_UNEXPECTEDTOKEN; \
- goto cleanup; \
- }
+#define NEXTTOKEN(lex, opt, token) CHECK(isc_lex_gettoken(lex, opt, token))
-#define CHECK(r) \
- ret = (r); \
- if (ret != ISC_R_SUCCESS) { \
- goto fail; \
- }
+#define BADTOKEN() CHECK(ISC_R_UNEXPECTEDTOKEN)
isc_bufferlist_t cleanup_list = ISC_LIST_INITIALIZER;
dns_dnsseckeylist_t keys_read;
dns_dnsseckey_t **keys_sorted;
int i = 0, n = 0;
- isc_result_t ret;
+ isc_result_t result;
ISC_LIST_INIT(*keys);
ISC_LIST_INIT(keys_read);
- ret = dns_dnssec_findmatchingkeys(name, NULL, ksr->keydir, NULL,
- ksr->now, false, isc_g_mctx,
- &keys_read);
- if (ret != ISC_R_SUCCESS && ret != ISC_R_NOTFOUND) {
+ result = dns_dnssec_findmatchingkeys(name, NULL, ksr->keydir, NULL,
+ ksr->now, false, isc_g_mctx,
+ &keys_read);
+ if (result != ISC_R_SUCCESS && result != ISC_R_NOTFOUND) {
fatal("failed to load existing keys from %s: %s", ksr->keydir,
- isc_result_totext(ret));
+ isc_result_totext(result));
}
/* Sort on keytag. */
ISC_LIST_FOREACH(keys_read, dk, link) {
dst_key_t *key = NULL;
int options = (DST_TYPE_PRIVATE | DST_TYPE_PUBLIC | DST_TYPE_STATE);
isc_buffer_t buf;
- isc_result_t ret;
+ isc_result_t result;
isc_stdtime_t prepub;
uint16_t flags = DNS_KEYOWNER_ZONE;
"Generating key pair for bundle %s: ", timestr);
}
if (ksr->keystore != NULL && ksr->policy != NULL) {
- ret = dns_keystore_keygen(
+ result = dns_keystore_keygen(
ksr->keystore, name, ksr->policy,
dns_rdataclass_in, isc_g_mctx, ksr->alg,
ksr->size, flags, &key);
} else if (show_progress) {
- ret = dst_key_generate(name, ksr->alg, ksr->size, 0,
- flags, DNS_KEYPROTO_DNSSEC,
- dns_rdataclass_in, NULL,
- isc_g_mctx, &key, &progress);
+ result = dst_key_generate(name, ksr->alg, ksr->size, 0,
+ flags, DNS_KEYPROTO_DNSSEC,
+ dns_rdataclass_in, NULL,
+ isc_g_mctx, &key, &progress);
fflush(stderr);
} else {
- ret = dst_key_generate(name, ksr->alg, ksr->size, 0,
- flags, DNS_KEYPROTO_DNSSEC,
- dns_rdataclass_in, NULL,
- isc_g_mctx, &key, NULL);
+ result = dst_key_generate(name, ksr->alg, ksr->size, 0,
+ flags, DNS_KEYPROTO_DNSSEC,
+ dns_rdataclass_in, NULL,
+ isc_g_mctx, &key, NULL);
}
- if (ret != ISC_R_SUCCESS) {
+ if (result != ISC_R_SUCCESS) {
fatal("failed to generate key %s/%s: %s\n", namestr,
- algstr, isc_result_totext(ret));
+ algstr, isc_result_totext(result));
}
/* Do not overwrite an existing key. */
conflict = true;
if (verbose > 0) {
isc_buffer_clear(&buf);
- ret = dst_key_buildfilename(key, 0, ksr->keydir,
- &buf);
- if (ret == ISC_R_SUCCESS) {
+ result = dst_key_buildfilename(
+ key, 0, ksr->keydir, &buf);
+ if (result == ISC_R_SUCCESS) {
fprintf(stderr,
"%s: %s already exists, or "
"might collide with another "
*expiration = 0;
}
- ret = dst_key_tofile(key, options, ksr->keydir);
- if (ret != ISC_R_SUCCESS) {
+ result = dst_key_tofile(key, options, ksr->keydir);
+ if (result != ISC_R_SUCCESS) {
char keystr[DST_KEY_FORMATSIZE];
dst_key_format(key, keystr, sizeof(keystr));
fatal("failed to write key %s: %s\n", keystr,
- isc_result_totext(ret));
+ isc_result_totext(result));
}
output:
isc_buffer_clear(&buf);
- ret = dst_key_buildfilename(key, 0, NULL, &buf);
- if (ret != ISC_R_SUCCESS) {
+ result = dst_key_buildfilename(key, 0, NULL, &buf);
+ if (result != ISC_R_SUCCESS) {
fatal("dst_key_buildfilename returned: %s\n",
- isc_result_totext(ret));
+ isc_result_totext(result));
}
printf("%s\n", filename);
fflush(stdout);
print_rdata(dns_rdataset_t *rrset) {
isc_buffer_t target;
isc_region_t r;
- isc_result_t ret;
+ isc_result_t result;
char buf[4096];
isc_buffer_init(&target, buf, sizeof(buf));
- ret = dns_rdataset_totext(rrset, name, false, false, &target);
- if (ret != ISC_R_SUCCESS) {
+ result = dns_rdataset_totext(rrset, name, false, false, &target);
+ if (result != ISC_R_SUCCESS) {
fatal("failed to print rdata");
}
isc_buffer_usedregion(&target, &r);
char timestr[26]; /* Minimal buf as per ctime_r() spec. */
dns_rdatalist_t *rdatalist = NULL;
dns_rdataset_t rdataset = DNS_RDATASET_INIT;
- isc_result_t ret = ISC_R_SUCCESS;
+ isc_result_t result = ISC_R_SUCCESS;
isc_stdtime_t next_bundle = next_inception;
isc_stdtime_tostring(inception, timestr, sizeof(timestr));
dns_rdatalist_tordataset(rdatalist, &rdataset);
print_rdata(&rdataset);
-fail:
+cleanup:
/* Cleanup */
freerrset(&rdataset);
- if (ret != ISC_R_SUCCESS) {
+ if (result != ISC_R_SUCCESS) {
fatal("failed to print %s/%s zsk key pair found for bundle %s",
namestr, algstr, timestr);
}
dns_rdataset_t *rrset, dns_dnsseckeylist_t *keys) {
dns_rdatalist_t *rrsiglist = NULL;
dns_rdataset_t rrsigset = DNS_RDATASET_INIT;
- isc_result_t ret;
+ isc_result_t result;
isc_stdtime_t next_bundle = expiration;
UNUSED(ksr);
isc_buffer_init(&timebuf, timestr, sizeof(timestr));
isc_stdtime_tostring(inception, timestr, sizeof(timestr));
isc_buffer_init(&b, utc, sizeof(utc));
- ret = dns_time32_totext(inception, &b);
- if (ret != ISC_R_SUCCESS) {
+ result = dns_time32_totext(inception, &b);
+ if (result != ISC_R_SUCCESS) {
fatal("failed to convert bundle time32 to text: %s",
- isc_result_totext(ret));
+ isc_result_totext(result));
}
isc_buffer_usedregion(&b, &r);
fprintf(stdout, ";; SignedKeyResponse 1.0 %.*s (%s)\n",
rrsig = isc_mem_get(isc_g_mctx, sizeof(*rrsig));
dns_rdata_init(rrsig);
isc_buffer_init(&buf, rdatabuf, sizeof(rdatabuf));
- ret = dns_dnssec_sign(name, rrset, dk->key, &clockskew,
- &expiration, isc_g_mctx, &buf, &rdata);
- if (ret != ISC_R_SUCCESS) {
+ result = dns_dnssec_sign(name, rrset, dk->key, &clockskew,
+ &expiration, isc_g_mctx, &buf, &rdata);
+ if (result != ISC_R_SUCCESS) {
fatal("failed to sign KSR");
}
isc_buffer_usedregion(&buf, &rs);
dns_rdatalist_t *cdnskeylist = isc_mem_get(isc_g_mctx,
sizeof(*cdnskeylist));
dns_rdatalist_t *cdslist = isc_mem_get(isc_g_mctx, sizeof(*cdslist));
- isc_result_t ret = ISC_R_SUCCESS;
+ isc_result_t result = ISC_R_SUCCESS;
isc_stdtime_t next_bundle = next_inception;
dns_rdatalist_init(dnskeylist);
return next_bundle;
-fail:
+cleanup:
fatal("failed to create KSK/CDS/CDNSKEY");
return 0;
}
dns_name_t *dname = NULL;
dns_rdataclass_t rdclass = dns_rdataclass_in;
isc_buffer_t b;
- isc_result_t ret;
+ isc_result_t result;
isc_token_t token;
unsigned int opt = ISC_LEXOPT_EOL;
dname = dns_fixedname_initname(&dfname);
isc_buffer_init(&b, owner, strlen(owner));
isc_buffer_add(&b, strlen(owner));
- ret = dns_name_fromtext(dname, &b, dns_rootname, 0);
- if (ret != ISC_R_SUCCESS) {
+ result = dns_name_fromtext(dname, &b, dns_rootname, 0);
+ if (result != ISC_R_SUCCESS) {
goto cleanup;
}
if (dns_name_compare(dname, name) != 0) {
- ret = DNS_R_BADOWNERNAME;
+ result = DNS_R_BADOWNERNAME;
goto cleanup;
}
isc_buffer_clear(&b);
}
/* If it's a TTL, read the next one */
- ret = dns_ttl_fromtext(&token.value.as_textregion, ttl);
- if (ret == ISC_R_SUCCESS) {
+ result = dns_ttl_fromtext(&token.value.as_textregion, ttl);
+ if (result == ISC_R_SUCCESS) {
NEXTTOKEN(lex, opt, &token);
}
if (token.type != isc_tokentype_string) {
}
/* If it's a class, read the next one */
- ret = dns_rdataclass_fromtext(&rdclass, &token.value.as_textregion);
- if (ret == ISC_R_SUCCESS) {
+ result = dns_rdataclass_fromtext(&rdclass, &token.value.as_textregion);
+ if (result == ISC_R_SUCCESS) {
NEXTTOKEN(lex, opt, &token);
}
if (token.type != isc_tokentype_string) {
BADTOKEN();
}
- ret = dns_rdata_fromtext(NULL, rdclass, dns_rdatatype_dnskey, lex, name,
- 0, isc_g_mctx, buf, NULL);
+ result = dns_rdata_fromtext(NULL, rdclass, dns_rdatatype_dnskey, lex,
+ name, 0, isc_g_mctx, buf, NULL);
cleanup:
isc_lex_setcomments(lex, 0);
- return ret;
+ return result;
}
static void
char utc[sizeof("YYYYMMDDHHSSMM")];
isc_buffer_t b;
isc_region_t r;
- isc_result_t ret;
+ isc_result_t result;
isc_stdtime_tostring(inception, timestr, sizeof(timestr));
isc_buffer_init(&b, utc, sizeof(utc));
- ret = dns_time32_totext(inception, &b);
- if (ret != ISC_R_SUCCESS) {
+ result = dns_time32_totext(inception, &b);
+ if (result != ISC_R_SUCCESS) {
fatal("failed to convert bundle time32 to text: %s",
- isc_result_totext(ret));
+ isc_result_totext(result));
}
isc_buffer_usedregion(&b, &r);
fprintf(stdout, ";; KeySigningRequest 1.0 %.*s (%s)\n",
dns_dnsseckeylist_t keys;
dns_kasp_t *kasp = NULL;
dns_rdatalist_t *rdatalist = NULL;
- isc_result_t ret;
+ isc_result_t result;
isc_stdtime_t inception;
isc_lex_t *lex = NULL;
isc_lexspecials_t specials;
specials[')'] = 1;
specials['"'] = 1;
isc_lex_setspecials(lex, specials);
- ret = isc_lex_openfile(lex, ksr->file);
- if (ret != ISC_R_SUCCESS) {
+ result = isc_lex_openfile(lex, ksr->file);
+ if (result != ISC_R_SUCCESS) {
fatal("unable to open KSR file %s: %s", ksr->file,
- isc_result_totext(ret));
+ isc_result_totext(result));
}
- for (ret = isc_lex_gettoken(lex, opt, &token); ret == ISC_R_SUCCESS;
- ret = isc_lex_gettoken(lex, opt, &token))
+ for (result = isc_lex_gettoken(lex, opt, &token);
+ result == ISC_R_SUCCESS;
+ result = isc_lex_gettoken(lex, opt, &token))
{
if (token.type != isc_tokentype_string) {
fatal("bad KSR file %s(%lu): syntax error", ksr->file,
readline:
/* Read remainder of header line */
do {
- ret = isc_lex_gettoken(lex, opt, &token);
- if (ret != ISC_R_SUCCESS) {
+ result = isc_lex_gettoken(lex, opt, &token);
+ if (result != ISC_R_SUCCESS) {
fatal("bad KSR file %s(%lu): bad "
"header (%s)",
ksr->file,
isc_lex_getsourceline(lex),
- isc_result_totext(ret));
+ isc_result_totext(result));
}
} while (token.type != isc_tokentype_eol);
} else {
rdata = isc_mem_get(isc_g_mctx, sizeof(*rdata));
dns_rdata_init(rdata);
isc_buffer_init(&buf, rdatabuf, sizeof(rdatabuf));
- ret = parse_dnskey(lex, STR(token), &buf, &ttl);
- if (ret != ISC_R_SUCCESS) {
+ result = parse_dnskey(lex, STR(token), &buf, &ttl);
+ if (result != ISC_R_SUCCESS) {
fatal("bad KSR file %s(%lu): bad DNSKEY (%s)",
ksr->file, isc_lex_getsourceline(lex),
- isc_result_totext(ret));
+ isc_result_totext(result));
}
isc_buffer_usedregion(&buf, &r);
isc_buffer_allocate(isc_g_mctx, &newbuf, r.length);
}
}
- if (ret != ISC_R_EOF) {
+ if (result != ISC_R_EOF) {
fatal("bad KSR file %s(%lu): trailing garbage data", ksr->file,
isc_lex_getsourceline(lex));
}
fprintf(stdout, ";; SignedKeyResponse 1.0 generated at %s by %s\n",
timestr, PACKAGE_VERSION);
-fail:
+cleanup:
isc_lex_destroy(&lex);
cleanup(&keys, kasp);
}
int
main(int argc, char *argv[]) {
- isc_result_t ret;
+ isc_result_t result;
isc_buffer_t buf;
int ch;
char *endp;
break;
case 'K':
ksr.keydir = isc_commandline_argument;
- ret = try_dir(ksr.keydir);
- if (ret != ISC_R_SUCCESS) {
+ result = try_dir(ksr.keydir);
+ if (result != ISC_R_SUCCESS) {
fatal("cannot open directory %s: %s",
- ksr.keydir, isc_result_totext(ret));
+ ksr.keydir, isc_result_totext(result));
}
break;
case 'k':
name = dns_fixedname_initname(&fname);
isc_buffer_init(&buf, argv[1], strlen(argv[1]));
isc_buffer_add(&buf, strlen(argv[1]));
- ret = dns_name_fromtext(name, &buf, dns_rootname, 0);
- if (ret != ISC_R_SUCCESS) {
+ result = dns_name_fromtext(name, &buf, dns_rootname, 0);
+ if (result != ISC_R_SUCCESS) {
fatal("invalid zone name %s: %s", argv[1],
- isc_result_totext(ret));
+ isc_result_totext(result));
}
/* command */
#define CLOCKSKEW 300
-#define CHECK(x) \
- { \
- result = (x); \
- if (result != ISC_R_SUCCESS) { \
- goto cleanup; \
- } \
- }
-
static void
free_controlkey(controlkey_t *key, isc_mem_t *mctx) {
if (key->keyname != NULL) {
#include <named/log.h>
#include <named/logconf.h>
-#define CHECK(op) \
- do { \
- result = (op); \
- if (result != ISC_R_SUCCESS) \
- goto cleanup; \
- } while (0)
-
/*%
* Set up a logging category according to the named.conf data
* in 'ccat' and add it to 'logconfig'.
* Check an operation for failure. Assumes that the function
* using it has a 'result' variable and a 'cleanup' label.
*/
-#define CHECK(op) \
- do { \
- result = (op); \
- if (result != ISC_R_SUCCESS) \
- goto cleanup; \
- } while (0)
-
#define TCHECK(op) \
do { \
tresult = (op); \
#define STATS_JSON_VERSION_MINOR "8"
#define STATS_JSON_VERSION STATS_JSON_VERSION_MAJOR "." STATS_JSON_VERSION_MINOR
-#define CHECK(m) \
- do { \
- result = (m); \
- if (result != ISC_R_SUCCESS) { \
- goto cleanup; \
- } \
- } while (0)
-
struct named_statschannel {
/* Unlocked */
isc_httpdmgr_t *httpdmgr;
#include <isccfg/cfg.h>
+#include <named/log.h>
#include <named/tkeyconf.h>
void
dns_tkeyctx_t **tctxp) {
isc_result_t result;
dns_tkeyctx_t *tctx = NULL;
- const cfg_obj_t *obj;
+ const cfg_obj_t *obj = NULL;
dns_tkeyctx_create(mctx, &tctx);
- obj = NULL;
result = cfg_map_get(options, "tkey-gssapi-keytab", &obj);
if (result == ISC_R_SUCCESS) {
const char *s = cfg_obj_asstring(obj);
return result;
}
-#define CHECK(f) \
- if ((result = f) != ISC_R_SUCCESS) { \
- goto failure; \
- }
-
static isc_result_t
transport_list_fromconfig(const cfg_obj_t *config, dns_transport_list_t *list) {
const cfg_obj_t *obj = NULL;
allow_update_forwarding
} acl_type_t;
-#define CHECK(x) \
- do { \
- result = (x); \
- if (result != ISC_R_SUCCESS) \
- goto cleanup; \
- } while (0)
-
/*%
* Convenience function for configuring a single zone ACL.
*/
ns_plugins_create(zmctx, &hookdata.plugins);
dns_zone_setplugins(zone, hookdata.plugins, ns_plugins_free);
- result = cfg_pluginlist_foreach(config, tpluginlist, aclctx,
- named_register_one_plugin,
- &hookdata);
- if (result != ISC_R_SUCCESS) {
- return result;
- }
+ RETERR(cfg_pluginlist_foreach(config, tpluginlist, aclctx,
+ named_register_one_plugin,
+ &hookdata));
result = cfg_pluginlist_foreach(config, zpluginlist, aclctx,
named_register_one_plugin,
#include <ns/query.h>
#include <ns/types.h>
-#define CHECK(op) \
- do { \
- result = (op); \
- if (result != ISC_R_SUCCESS) { \
- goto cleanup; \
- } \
- } while (0)
-
/*
* Possible values for the settings of filter-a-on-v6 and
* filter-a-on-v4: "no" is NONE, "yes" is FILTER, "break-dnssec"
#include <ns/query.h>
#include <ns/types.h>
-#define CHECK(op) \
- do { \
- result = (op); \
- if (result != ISC_R_SUCCESS) { \
- goto cleanup; \
- } \
- } while (0)
-
/*
* Possible values for the settings of filter-aaaa-on-v4 and
* filter-aaaa-on-v6: "no" is NONE, "yes" is FILTER, "break-dnssec"
#include <ns/hooks.h>
-#define CHECK(op) \
- do { \
- result = (op); \
- if (result != ISC_R_SUCCESS) { \
- goto cleanup; \
- } \
- } while (0)
-
#define DEFAULT_TTL 300
typedef enum { UNDEFINED, FORWARD, REVERSE } synthrecord_mode_t;
dlz_dlopen_subrdataset_t dlz_subrdataset;
dlz_dlopen_delrdataset_t dlz_delrdataset;
-#define CHECK(x) \
- do { \
- result = (x); \
- if (result != ISC_R_SUCCESS) \
- goto failure; \
- } while (0)
-
#define loginfo(...) \
({ \
if ((state != NULL) && (state->log != NULL)) \
const char *helper_name;
va_list ap;
char soa_data[sizeof("@ hostmaster.root 123 900 600 86400 3600")];
- isc_result_t result;
size_t n;
UNUSED(dlzname);
}
if (n >= sizeof(soa_data)) {
- CHECK(ISC_R_NOSPACE);
+ free(state);
+ return ISC_R_NOSPACE;
}
add_name(state, &state->current[0], state->zone_name, "soa", 3600,
*dbdata = state;
return ISC_R_SUCCESS;
-
-failure:
- free(state);
- return result;
}
/*
#include <dns/types.h>
#include "log.h"
-
-#define CLEANUP_WITH(result_code) \
- do { \
- result = (result_code); \
- goto cleanup; \
- } while (0)
-
-#define CHECK(op) \
- do { \
- result = (op); \
- if (result != ISC_R_SUCCESS) \
- goto cleanup; \
- } while (0)
/* Return success if the zone is already in the view as expected. */
result = dns_view_findzone(inst->view, dns_zone_getorigin(zone),
DNS_ZTFIND_EXACT, &zone_in_view);
- if (result != ISC_R_SUCCESS && result != ISC_R_NOTFOUND) {
- goto cleanup;
+ if (result != ISC_R_NOTFOUND) {
+ CHECK(result);
}
view_in_zone = dns_zone_getview(zone);
/* Zone has a view set -> view should contain the same zone. */
if (zone_in_view == zone) {
/* Zone is already published in the right view. */
- CLEANUP_WITH(ISC_R_SUCCESS);
+ result = ISC_R_SUCCESS;
+ goto cleanup;
} else if (view_in_zone != inst->view) {
/*
* Un-published inactive zone will have
dns_zone_log(zone, ISC_LOG_ERROR,
"zone->view doesn't "
"match data in the view");
- CLEANUP_WITH(ISC_R_UNEXPECTED);
+ CHECK(ISC_R_UNEXPECTED);
}
}
dns_zone_log(zone, ISC_LOG_ERROR,
"cannot publish zone: view already "
"contains another zone with this name");
- CLEANUP_WITH(ISC_R_UNEXPECTED);
+ CHECK(ISC_R_UNEXPECTED);
}
if (inst->view->frozen) {
#include <ns/query.h>
#include <ns/types.h>
-#define CHECK(op) \
- do { \
- result = (op); \
- if (result != ISC_R_SUCCESS) { \
- goto cleanup; \
- } \
- } while (0)
-
/*
* Persistent data for use by this module. This will be associated
* with client object address in the hash table, and will remain
char *firstlbl;
} syncplugin_t;
-#define CHECK(op) \
- do { \
- result = (op); \
- if (result != ISC_R_SUCCESS) { \
- goto cleanup; \
- } \
- } while (0)
-
static ns_hookresult_t
syncplugin__hook(void *arg, void *cbdata, isc_result_t *resp) {
query_ctx_t *qctx = (query_ctx_t *)arg;
static isc_result_t
syncplugin__parse_rcode(const cfg_obj_t *syncplugincfg, uint8_t *rcode) {
- isc_result_t result;
+ isc_result_t result = ISC_R_SUCCESS;
const cfg_obj_t *obj = NULL;
const char *rcodestr = NULL;
- result = cfg_map_get(syncplugincfg, "rcode", &obj);
- if (result != ISC_R_SUCCESS) {
- return result;
- }
+ RETERR(cfg_map_get(syncplugincfg, "rcode", &obj));
rcodestr = obj->value.string.base;
#include <dns/types.h>
#include <dns/view.h>
-#define CHECK(str, x) \
+#define CHECKM(str, x) \
{ \
if ((x) != ISC_R_SUCCESS) { \
fprintf(stderr, "I:%s: %s\n", (str), \
result = dns_request_getresponse(request, response,
DNS_MESSAGEPARSE_PRESERVEORDER);
- CHECK("dns_request_getresponse", result);
+ CHECKM("dns_request_getresponse", result);
if (response->rcode != dns_rcode_noerror) {
result = dns_result_fromrcode(response->rcode);
result = dns_message_sectiontotext(
response, DNS_SECTION_ANSWER, &dns_master_style_simple,
DNS_MESSAGETEXTFLAG_NOCOMMENTS, &outbuf);
- CHECK("dns_message_sectiontotext", result);
+ CHECKM("dns_message_sectiontotext", result);
printf("%.*s", (int)isc_buffer_usedlength(&outbuf),
(char *)isc_buffer_base(&outbuf));
fflush(stdout);
isc_buffer_add(&buf, strlen(host));
result = dns_name_fromtext(dns_fixedname_name(&queryname), &buf,
dns_rootname, 0);
- CHECK("dns_name_fromtext", result);
+ CHECKM("dns_name_fromtext", result);
dns_message_create(isc_g_mctx, NULL, NULL, DNS_MESSAGE_INTENTRENDER,
&message);
requestmgr, message, have_src ? &srcaddr : NULL, &dstaddr, NULL,
NULL, DNS_REQUESTOPT_TCP, NULL, TIMEOUT, TIMEOUT, 0, 0,
isc_loop_main(), recvresponse, message, &request);
- CHECK("dns_request_create", result);
+ CHECKM("dns_request_create", result);
return ISC_R_SUCCESS;
}
result = ISC_R_FAILURE;
if (inet_pton(AF_INET, "10.53.0.7", &inaddr) != 1) {
- CHECK("inet_pton", result);
+ CHECKM("inet_pton", result);
}
isc_sockaddr_fromin(&srcaddr, &inaddr, 0);
result = ISC_R_FAILURE;
if (inet_pton(AF_INET, "10.53.0.4", &inaddr) != 1) {
- CHECK("inet_pton", result);
+ CHECKM("inet_pton", result);
}
isc_sockaddr_fromin(&dstaddr, &inaddr, port);
BIGNUM *e;
EVP_PKEY *pkey;
-#define CHECK(op, msg) \
+#define CHECKM(op, msg) \
do { \
result = (op); \
if (result != ISC_R_SUCCESS) { \
name = dns_fixedname_initname(&fname);
isc_buffer_constinit(&buf, "example.", strlen("example."));
isc_buffer_add(&buf, strlen("example."));
- CHECK(dns_name_fromtext(name, &buf, dns_rootname, 0, NULL), "dns_name_"
- "fromtext("
- "\"example."
- "\")");
-
- CHECK(dst_key_buildinternal(name, DNS_KEYALG_RSASHA256, bits,
- DNS_KEYOWNER_ZONE, DNS_KEYPROTO_DNSSEC,
- dns_rdataclass_in, pkey, isc_g_mctx, &key),
- "dst_key_buildinternal(...)");
-
- CHECK(dst_key_tofile(key, DST_TYPE_PRIVATE | DST_TYPE_PUBLIC, NULL),
- "dst_key_tofile()");
+ CHECKM(dns_name_fromtext(name, &buf, dns_rootname, 0, NULL),
+ "dns_name_fromtext(\"example.\")");
+
+ CHECKM(dst_key_buildinternal(name, DNS_KEYALG_RSASHA256, bits,
+ DNS_KEYOWNER_ZONE, DNS_KEYPROTO_DNSSEC,
+ dns_rdataclass_in, pkey, isc_g_mctx, &key),
+ "dst_key_buildinternal(...)");
+
+ CHECKM(dst_key_tofile(key, DST_TYPE_PRIVATE | DST_TYPE_PUBLIC, NULL),
+ "dst_key_tofile()");
isc_buffer_init(&buf, filename, sizeof(filename) - 1);
isc_buffer_clear(&buf);
- CHECK(dst_key_buildfilename(key, 0, NULL, &buf), "dst_key_"
- "buildfilename()");
+ CHECKM(dst_key_buildfilename(key, 0, NULL, &buf),
+ "dst_key_buildfilename()");
printf("%s\n", filename);
dst_key_free(&key);
#include <dns/types.h>
#include <dns/view.h>
-#define CHECK(str, x) \
+#define CHECKM(str, x) \
{ \
if ((x) != ISC_R_SUCCESS) { \
fprintf(stderr, "mdig: %s failed with %s\n", (str), \
msgbuf = dns_request_getanswer(request);
result = dns_request_getresponse(request, response, parseflags);
- CHECK("dns_request_getresponse", result);
+ CHECKM("dns_request_getresponse", result);
styleflags |= DNS_STYLEFLAG_REL_OWNER;
if (yaml) {
48, 80, 8, display_splitwidth,
isc_g_mctx);
}
- CHECK("dns_master_stylecreate2", result);
+ CHECKM("dns_master_stylecreate2", result);
flags = 0;
if (!display_headers) {
printf(" %s:\n", "response_message_data");
result = dns_message_headertotext(response, style, flags, buf);
- CHECK("dns_message_headertotext", result);
+ CHECKM("dns_message_headertotext", result);
} else if (display_comments && !display_short_form) {
printf(";; Got answer:\n");
isc_buffer_allocate(isc_g_mctx, &buf, len);
goto repopulate_buffer;
}
- CHECK("dns_message_pseudosectiontotext", result);
+ CHECKM("dns_message_pseudosectiontotext", result);
}
if (display_question && display_headers && !display_short_form) {
if (result == ISC_R_NOSPACE) {
goto buftoosmall;
}
- CHECK("dns_message_sectiontotext", result);
+ CHECKM("dns_message_sectiontotext", result);
}
if (display_answer && !display_short_form) {
if (result == ISC_R_NOSPACE) {
goto buftoosmall;
}
- CHECK("dns_message_sectiontotext", result);
+ CHECKM("dns_message_sectiontotext", result);
} else if (display_answer) {
dns_name_t empty_name;
unsigned int answerstyleflags = 0;
if (result == ISC_R_NOSPACE) {
goto buftoosmall;
}
-
- CHECK("dns_rdata_tofmttext", result);
+ CHECKM("dns_rdata_tofmttext", result);
if (strlen("\n") >=
isc_buffer_availablelength(buf))
{
if (result == ISC_R_NOSPACE) {
goto buftoosmall;
}
- CHECK("dns_message_sectiontotext", result);
+ CHECKM("dns_message_sectiontotext", result);
}
if (display_additional && !display_short_form) {
if (result == ISC_R_NOSPACE) {
goto buftoosmall;
}
- CHECK("dns_message_sectiontotext", result);
+ CHECKM("dns_message_sectiontotext", result);
}
if (display_additional && !display_short_form && display_headers) {
if (result == ISC_R_NOSPACE) {
goto buftoosmall;
}
- CHECK("dns_message_pseudosectiontotext", result);
+ CHECKM("dns_message_pseudosectiontotext", result);
result = dns_message_pseudosectiontotext(
response, DNS_PSEUDOSECTION_SIG0, style, flags, buf);
if (result == ISC_R_NOSPACE) {
goto buftoosmall;
}
- CHECK("dns_message_pseudosectiontotext", result);
+ CHECKM("dns_message_pseudosectiontotext", result);
}
if (display_headers && display_comments && !display_short_form && !yaml)
isc_buffer_add(&buf, strlen(query->textname));
result = dns_name_fromtext(dns_fixedname_name(&queryname), &buf,
dns_rootname, 0);
- CHECK("dns_name_fromtext", result);
+ CHECKM("dns_name_fromtext", result);
dns_message_create(isc_g_mctx, NULL, NULL, DNS_MESSAGE_INTENTRENDER,
&message);
if (query->nsid) {
dns_ednsopt_t option = { .code = DNS_OPT_NSID };
result = dns_message_ednsaddopt(message, &option);
- CHECK("dns_message_ednsaddopt", result);
+ CHECKM("dns_message_ednsaddopt", result);
}
if (query->ecs_addr != NULL) {
.length = (uint16_t)addrl +
4 };
result = dns_message_ednsaddopt(message, &option);
- CHECK("dns_message_ednsaddopt", result);
+ CHECKM("dns_message_ednsaddopt", result);
}
if (query->send_cookie) {
isc_buffer_init(&b, cookie, sizeof(cookie));
result = isc_hex_decodestring(query->cookie,
&b);
- CHECK("isc_hex_decodestring", result);
+ CHECKM("isc_hex_decodestring", result);
option.value = isc_buffer_base(&b);
option.length = isc_buffer_usedlength(&b);
} else {
}
result = dns_message_ednsaddopt(message, &option);
- CHECK("dns_message_ednsaddopt", result);
+ CHECKM("dns_message_ednsaddopt", result);
}
if (query->expire) {
dns_ednsopt_t option = { .code = DNS_OPT_EXPIRE };
result = dns_message_ednsaddopt(message, &option);
- CHECK("dns_message_ednsaddopt", result);
+ CHECKM("dns_message_ednsaddopt", result);
}
if (query->ednsoptscnt != 0) {
for (size_t i = 0; i < query->ednsoptscnt; i++) {
result = dns_message_ednsaddopt(
message, &query->ednsopts[i]);
- CHECK("dns_message_ednsaddopt", result);
+ CHECKM("dns_message_ednsaddopt", result);
}
}
result = dns_message_setopt(message);
- CHECK("dns_message_setopt", result);
+ CHECKM("dns_message_setopt", result);
}
if (tcp_mode) {
NULL, options, NULL, query->timeout, query->timeout,
query->udptimeout, query->udpretries, isc_loop_main(),
recvresponse, message, &request);
- CHECK("dns_request_create", result);
+ CHECKM("dns_request_create", result);
return ISC_R_SUCCESS;
}
buf = isc_mem_allocate(isc_g_mctx, strlen(value) / 2 + 1);
isc_buffer_init(&b, buf, strlen(value) / 2 + 1);
result = isc_hex_decodestring(value, &b);
- CHECK("isc_hex_decodestring", result);
+ CHECKM("isc_hex_decodestring", result);
query->ednsopts[query->ednsoptscnt].value = isc_buffer_base(&b);
query->ednsopts[query->ednsoptscnt].length =
isc_buffer_usedlength(&b);
if (dot != NULL) {
isc_result_t result;
result = reverse_octets(dot + 1, p, end);
- CHECK("reverse_octets", result);
+ CHECKM("reverse_octets", result);
result = append(".", 1, p, end);
- CHECK("append", result);
+ CHECKM("append", result);
len = (int)(dot - in);
} else {
len = strlen(in);
name = dns_fixedname_initname(&fname);
result = dns_byaddr_createptrname(&addr, name);
- CHECK("dns_byaddr_createptrname", result);
+ CHECKM("dns_byaddr_createptrname", result);
dns_name_format(name, reverse, (unsigned int)len);
return;
} else {
char *p = reverse;
char *end = reverse + len;
result = reverse_octets(value, &p, end);
- CHECK("reverse_octets", result);
+ CHECKM("reverse_octets", result);
/* Append .in-addr.arpa. and a terminating NUL. */
result = append(".in-addr.arpa.", 15, &p, end);
- CHECK("append", result);
+ CHECKM("append", result);
return;
}
}
}
result = parse_uint(&num, value, COMMSIZE,
"buffer size");
- CHECK("parse_uint(buffer size)", result);
+ CHECKM("parse_uint(buffer size)", result);
query->udpsize = num;
break;
case 'r': /* burst */
result = parse_uint(&num, value,
255,
"edns");
- CHECK("parse_uint(edns)",
- result);
+ CHECKM("parse_uint(edns)",
+ result);
query->edns = num;
break;
case 'f':
result = parse_xint(
&num, value, 0xffff,
"ednsflags");
- CHECK("parse_xint(ednsflags)",
- result);
+ CHECKM("parse_xint(ednsflags)",
+ result);
if (query->edns == -1) {
query->edns = 1;
}
}
result = parse_uint(&query->udpretries, value,
MAXTRIES - 1, "udpretries");
- CHECK("parse_uint(udpretries)", result);
+ CHECKM("parse_uint(udpretries)", result);
break;
default:
goto invalid_option;
if (display_splitwidth) {
display_splitwidth += 3;
}
- CHECK("parse_uint(split)", result);
+ CHECKM("parse_uint(split)", result);
break;
case 'u': /* subnet */
FULLCHECK("subnet");
query->edns = 0;
}
result = parse_netprefix(&query->ecs_addr, value);
- CHECK("parse_netprefix", result);
+ CHECKM("parse_netprefix", result);
break;
default:
goto invalid_option;
}
result = parse_uint(&query->timeout, value, MAXTIMEOUT,
"timeout");
- CHECK("parse_uint(timeout)", result);
+ CHECKM("parse_uint(timeout)", result);
if (query->timeout == 0) {
query->timeout = 1;
}
}
result = parse_uint(&query->udpretries, value, MAXTRIES,
"udpretries");
- CHECK("parse_uint(udpretries)", result);
+ CHECKM("parse_uint(udpretries)", result);
if (query->udpretries > 0) {
query->udpretries -= 1;
}
}
result = parse_uint(&query->udptimeout, value,
MAXTIMEOUT, "udptimeout");
- CHECK("parse_uint(udptimeout)", result);
+ CHECKM("parse_uint(udptimeout)", result);
break;
case 'n':
FULLCHECK("unknownformat");
if (hash != NULL) {
result = parse_uint(&num, hash + 1, MAXPORT,
"port number");
- CHECK("parse_uint(srcport)", result);
+ CHECKM("parse_uint(srcport)", result);
srcport = num;
*hash = '\0';
} else {
tr.length = strlen(value);
result = dns_rdataclass_fromtext(&rdclass,
(isc_textregion_t *)&tr);
- CHECK("dns_rdataclass_fromtext", result);
+ CHECKM("dns_rdataclass_fromtext", result);
query->rdclass = rdclass;
return value_from_next;
case 'f':
case 'p':
GLOBAL();
result = parse_uint(&num, value, MAXPORT, "port number");
- CHECK("parse_uint(port)", result);
+ CHECKM("parse_uint(port)", result);
port = num;
return value_from_next;
case 't':
tr.length = strlen(value);
result = dns_rdatatype_fromtext(&rdtype,
(isc_textregion_t *)&tr);
- CHECK("dns_rdatatype_fromtext", result);
+ CHECKM("dns_rdatatype_fromtext", result);
query->rdtype = rdtype;
return value_from_next;
case 'x':
isc_buffer_t buf;
dns_qpkey_t key, cmp;
dns_namespace_t space;
+ isc_result_t result;
namein = dns_fixedname_initname(&fixedin);
nameout = dns_fixedname_initname(&fixedout);
assert((namerel > 0) == (keyrel > 0));
assert(space == DNS_DBNAMESPACE_NORMAL);
+cleanup:
return 0;
}
assert(target.used == size);
assert(!memcmp(target.base, data, size));
+cleanup:
return 0;
}
int
LLVMFuzzerTestOneInput(const uint8_t *data, size_t size);
-
-#define CHECK(x) \
- if ((x) != ISC_R_SUCCESS) { \
- return (0); \
- }
result = isc_lex_getmastertoken(lex, &token, expect, eol);
} while (result == ISC_R_SUCCESS && token.type != isc_tokentype_eof);
+cleanup:
return 0;
}
result = isc_lex_gettoken(lex, 0, &token);
} while (result == ISC_R_SUCCESS);
+cleanup:
return 0;
}
#define UCTX_MAGIC ISC_MAGIC('U', 'c', 't', 'x')
#define UCTX_VALID(c) ISC_MAGIC_VALID(c, UCTX_MAGIC)
-#define CHECK(r) \
- do { \
- result = (r); \
- if (result != ISC_R_SUCCESS) \
- goto cleanup; \
- } while (0)
-
/*%
* DNS client object
*/
#include <dns/rdatatype.h>
#include <dns/time.h>
-#define CHECK(op) \
- do { \
- result = (op); \
- if (result != ISC_R_SUCCESS) \
- goto failure; \
- } while (0)
-
static dns_rdatatype_t
rdata_covers(dns_rdata_t *rdata) {
return rdata->type == dns_rdatatype_rrsig ? dns_rdata_covers(rdata) : 0;
}
return ISC_R_SUCCESS;
-failure:
+cleanup:
if (node != NULL) {
dns_db_detachnode(&node);
}
}
result = ISC_R_SUCCESS;
-failure:
+cleanup:
if (callbacks->commit != NULL) {
callbacks->commit(callbacks->add_private);
}
#define is_response(msg) ((msg->flags & DNS_MESSAGEFLAG_QR) != 0)
-#define RETERR(x) \
- do { \
- result = (x); \
- if (result != ISC_R_SUCCESS) \
- goto failure; \
- } while (0)
-
#define TYPE_SIGN 0
#define TYPE_VERIFY 1
isc_buffer_init(&databuf, data, sizeof(data));
- RETERR(dst_context_create(key, mctx, DNS_LOGCATEGORY_DNSSEC, true,
- &ctx));
+ CHECK(dst_context_create(key, mctx, DNS_LOGCATEGORY_DNSSEC, true,
+ &ctx));
/*
* Digest the fields of the SIG - we can cheat and use
* dns_rdata_fromstruct. Since siglen is 0, the digested data
* is identical to dns format.
*/
- RETERR(dns_rdata_fromstruct(NULL, dns_rdataclass_any,
- dns_rdatatype_sig /* SIG(0) */, &sig,
- &databuf));
+ CHECK(dns_rdata_fromstruct(NULL, dns_rdataclass_any,
+ dns_rdatatype_sig /* SIG(0) */, &sig,
+ &databuf));
isc_buffer_usedregion(&databuf, &r);
- RETERR(dst_context_adddata(ctx, &r));
+ CHECK(dst_context_adddata(ctx, &r));
/*
* If this is a response, digest the query.
*/
if (is_response(msg)) {
- RETERR(dst_context_adddata(ctx, &msg->query));
+ CHECK(dst_context_adddata(ctx, &msg->query));
}
/*
isc_buffer_init(&headerbuf, header, sizeof(header));
dns_message_renderheader(msg, &headerbuf);
isc_buffer_usedregion(&headerbuf, &r);
- RETERR(dst_context_adddata(ctx, &r));
+ CHECK(dst_context_adddata(ctx, &r));
/*
* Digest the remainder of the message.
*/
isc_buffer_usedregion(msg->buffer, &r);
isc_region_consume(&r, DNS_MESSAGE_HEADERLEN);
- RETERR(dst_context_adddata(ctx, &r));
+ CHECK(dst_context_adddata(ctx, &r));
- RETERR(dst_key_sigsize(key, &sigsize));
+ CHECK(dst_key_sigsize(key, &sigsize));
sig.siglen = sigsize;
sig.signature = isc_mem_get(mctx, sig.siglen);
isc_buffer_init(&sigbuf, sig.signature, sig.siglen);
- RETERR(dst_context_sign(ctx, &sigbuf));
+ CHECK(dst_context_sign(ctx, &sigbuf));
dst_context_destroy(&ctx);
rdata = NULL;
dns_message_gettemprdata(msg, &rdata);
isc_buffer_allocate(msg->mctx, &dynbuf, 1024);
- RETERR(dns_rdata_fromstruct(rdata, dns_rdataclass_any,
- dns_rdatatype_sig /* SIG(0) */, &sig,
- dynbuf));
+ CHECK(dns_rdata_fromstruct(rdata, dns_rdataclass_any,
+ dns_rdatatype_sig /* SIG(0) */, &sig,
+ dynbuf));
isc_mem_put(mctx, sig.signature, sig.siglen);
return ISC_R_SUCCESS;
-failure:
+cleanup:
if (dynbuf != NULL) {
isc_buffer_free(&dynbuf);
}
isc_buffer_usedregion(source, &source_r);
- RETERR(dns_rdataset_first(msg->sig0));
+ CHECK(dns_rdataset_first(msg->sig0));
dns_rdataset_current(msg->sig0, &rdata);
- RETERR(dns_rdata_tostruct(&rdata, &sig, NULL));
+ CHECK(dns_rdata_tostruct(&rdata, &sig, NULL));
signeedsfree = true;
if (sig.labels != 0) {
- result = DNS_R_SIGINVALID;
- goto failure;
+ CHECK(DNS_R_SIGINVALID);
}
if (isc_serial_lt(sig.timeexpire, sig.timesigned)) {
- result = DNS_R_SIGINVALID;
msg->sig0status = dns_tsigerror_badtime;
- goto failure;
+ CHECK(DNS_R_SIGINVALID);
}
if (msg->fuzzing) {
}
if (isc_serial_lt((uint32_t)now, sig.timesigned)) {
- result = DNS_R_SIGFUTURE;
msg->sig0status = dns_tsigerror_badtime;
- goto failure;
+ CHECK(DNS_R_SIGFUTURE);
} else if (isc_serial_lt(sig.timeexpire, (uint32_t)now)) {
- result = DNS_R_SIGEXPIRED;
msg->sig0status = dns_tsigerror_badtime;
- goto failure;
+ CHECK(DNS_R_SIGEXPIRED);
}
if (!dns_name_equal(dst_key_name(key), &sig.signer)) {
- result = DNS_R_SIGINVALID;
msg->sig0status = dns_tsigerror_badkey;
- goto failure;
+ CHECK(DNS_R_SIGINVALID);
}
- RETERR(dst_context_create(key, mctx, DNS_LOGCATEGORY_DNSSEC, false,
- &ctx));
+ CHECK(dst_context_create(key, mctx, DNS_LOGCATEGORY_DNSSEC, false,
+ &ctx));
/*
* Digest the SIG(0) record, except for the signature.
*/
dns_rdata_toregion(&rdata, &r);
r.length -= sig.siglen;
- RETERR(dst_context_adddata(ctx, &r));
+ CHECK(dst_context_adddata(ctx, &r));
/*
* If this is a response, digest the query.
*/
if (is_response(msg)) {
- RETERR(dst_context_adddata(ctx, &msg->query));
+ CHECK(dst_context_adddata(ctx, &msg->query));
}
/*
*/
header_r.base = (unsigned char *)header;
header_r.length = DNS_MESSAGE_HEADERLEN;
- RETERR(dst_context_adddata(ctx, &header_r));
+ CHECK(dst_context_adddata(ctx, &header_r));
/*
* Digest all non-SIG(0) records.
*/
r.base = source_r.base + DNS_MESSAGE_HEADERLEN;
r.length = msg->sigstart - DNS_MESSAGE_HEADERLEN;
- RETERR(dst_context_adddata(ctx, &r));
+ CHECK(dst_context_adddata(ctx, &r));
sig_r.base = sig.signature;
sig_r.length = sig.siglen;
result = dst_context_verify(ctx, &sig_r);
if (result != ISC_R_SUCCESS) {
msg->sig0status = dns_tsigerror_badsig;
- goto failure;
+ goto cleanup;
}
msg->verified_sig = 1;
return ISC_R_SUCCESS;
-failure:
+cleanup:
if (signeedsfree) {
dns_rdata_freestruct(&sig);
}
directory = ".";
}
- RETERR(isc_dir_open(&dir, directory));
+ CHECK(isc_dir_open(&dir, directory));
dir_open = true;
while (isc_dir_read(&dir) == ISC_R_SUCCESS) {
}
result = match ? ISC_R_SUCCESS : ISC_R_NOTFOUND;
-failure:
+cleanup:
if (dir_open) {
isc_dir_close(&dir);
}
ISC_LIST_INIT(list);
isc_buffer_init(&b, namebuf, sizeof(namebuf) - 1);
- RETERR(dns_name_tofilenametext(origin, false, &b));
+ CHECK(dns_name_tofilenametext(origin, false, &b));
len = isc_buffer_usedlength(&b);
namebuf[len] = '\0';
if (kasp == NULL || (strcmp(dns_kasp_getname(kasp), "none") == 0) ||
(strcmp(dns_kasp_getname(kasp), "insecure") == 0))
{
- RETERR(findmatchingkeys(keydir, rrtypekey, namebuf, len, mctx,
- now, &list));
+ CHECK(findmatchingkeys(keydir, rrtypekey, namebuf, len, mctx,
+ now, &list));
} else if (keystores != NULL) {
ISC_LIST_FOREACH(*keystores, keystore, link) {
ISC_LIST_FOREACH(dns_kasp_keys(kasp), kkey, link) {
const char *directory =
dns_keystore_directory(keystore,
keydir);
- RETERR(findmatchingkeys(
+ CHECK(findmatchingkeys(
directory, rrtypekey, namebuf,
len, mctx, now, &list));
break;
result = ISC_R_NOTFOUND;
}
-failure:
+cleanup:
ISC_LIST_FOREACH(list, key, link) {
ISC_LIST_UNLINK(list, key, link);
INSIST(key->key != NULL);
goto skip;
}
- RETERR(dns_dnssec_keyfromrdata(origin, &rdata, mctx, &dnskey));
+ CHECK(dns_dnssec_keyfromrdata(origin, &rdata, mctx, &dnskey));
dst_key_setttl(dnskey, keys.ttl);
if (!is_zone_key(dnskey)) {
if (result == ISC_R_FILENOTFOUND || result == ISC_R_NOPERM) {
result = ISC_R_SUCCESS;
}
- RETERR(result);
+ CHECK(result);
if (kasp != NULL && dns_kasp_offlineksk(kasp) &&
(dst_key_flags(dnskey) & DNS_KEYFLAG_KSK) != 0)
}
goto skip;
}
- RETERR(result);
+ CHECK(result);
/*
* Whatever the key's default TTL may have
}
if (keysigs != NULL && dns_rdataset_isassociated(keysigs)) {
- RETERR(mark_active_keys(keylist, keysigs));
+ CHECK(mark_active_keys(keylist, keysigs));
}
if (soasigs != NULL && dns_rdataset_isassociated(soasigs)) {
- RETERR(mark_active_keys(keylist, soasigs));
+ CHECK(mark_active_keys(keylist, soasigs));
}
result = ISC_R_SUCCESS;
-failure:
+cleanup:
if (dns_rdataset_isassociated(&keys)) {
dns_rdataset_disassociate(&keys);
}
dns_rdata_t dnskey = DNS_RDATA_INIT;
dns_rdata_reset(&dnskey);
- RETERR(dns_dnssec_make_dnskey(key->key, buf, sizeof(buf), &dnskey));
+ CHECK(dns_dnssec_make_dnskey(key->key, buf, sizeof(buf), &dnskey));
dst_key_format(key->key, keystr, sizeof(keystr));
report("Fetching %s (%s) from key %s.", keystr,
/* publish key */
addrdata(&dnskey, diff, origin, ttl, mctx);
-failure:
+cleanup:
return result;
}
report("Removing %s key %s/%d/%s from DNSKEY RRset.", reason, namebuf,
dst_key_id(key->key), alg);
- RETERR(dns_dnssec_make_dnskey(key->key, buf, sizeof(buf), &dnskey));
+ CHECK(dns_dnssec_make_dnskey(key->key, buf, sizeof(buf), &dnskey));
delrdata(&dnskey, diff, origin, ttl, mctx);
-failure:
+cleanup:
return result;
}
dns_rdata_t cdnskeyrdata = DNS_RDATA_INIT;
dns_name_t *origin = dst_key_name(key->key);
- RETERR(dns_dnssec_make_dnskey(key->key, keybuf, sizeof(keybuf),
- &cdnskeyrdata));
+ CHECK(dns_dnssec_make_dnskey(key->key, keybuf, sizeof(keybuf),
+ &cdnskeyrdata));
cdnskeyrdata.type = dns_rdatatype_cdnskey;
if (syncpublish(key->key, now)) {
dst_key_format(key->key, keystr, sizeof(keystr));
ISC_LIST_FOREACH(*digests, alg, link) {
- RETERR(add_cds(key, &cdnskeyrdata,
- (const char *)keystr, cds,
- alg->digest, cdsttl, diff,
- mctx));
+ CHECK(add_cds(key, &cdnskeyrdata,
+ (const char *)keystr, cds,
+ alg->digest, cdsttl, diff, mctx));
}
if (gencdnskey &&
char keystr[DST_KEY_FORMATSIZE];
dst_key_format(key->key, keystr, sizeof(keystr));
- RETERR(dns_dnssec_make_dnskey(key->key, keybuf, sizeof(keybuf),
- &cdnskeyrdata));
+ CHECK(dns_dnssec_make_dnskey(key->key, keybuf, sizeof(keybuf),
+ &cdnskeyrdata));
if (dns_rdataset_isassociated(cds)) {
delete_cds(key, &cdnskeyrdata, (const char *)keystr,
result = ISC_R_SUCCESS;
-failure:
+cleanup:
return result;
}
if (key->source == dns_keysource_user &&
(key->hint_publish || key->force_publish))
{
- RETERR(publish_key(diff, key, origin, ttl, mctx,
- report));
+ CHECK(publish_key(diff, key, origin, ttl, mctx,
+ report));
}
if (key->source == dns_keysource_zoneapex) {
ttl = dst_key_getttl(key->key);
if (key1->source != dns_keysource_zoneapex &&
(key1->hint_publish || key1->force_publish))
{
- RETERR(publish_key(diff, key1, origin, ttl,
- mctx, report));
+ CHECK(publish_key(diff, key1, origin, ttl, mctx,
+ report));
isc_log_write(
DNS_LOGCATEGORY_DNSSEC,
DNS_LOGMODULE_DNSSEC, ISC_LOG_INFO,
/* Match found: remove or update it as needed */
if (key1->hint_remove) {
- RETERR(remove_key(diff, key2, origin, ttl, mctx,
- "expired", report));
+ CHECK(remove_key(diff, key2, origin, ttl, mctx,
+ "expired", report));
ISC_LIST_UNLINK(*keys, key2, link);
if (removed != NULL) {
* We need to remove the old version and pull
* in the new one.
*/
- RETERR(remove_key(diff, key2, origin, ttl, mctx,
- "revoked", report));
+ CHECK(remove_key(diff, key2, origin, ttl, mctx,
+ "revoked", report));
ISC_LIST_UNLINK(*keys, key2, link);
if (removed != NULL) {
ISC_LIST_APPEND(*removed, key2, link);
dns_dnsseckey_destroy(mctx, &key2);
}
- RETERR(publish_key(diff, key1, origin, ttl, mctx,
- report));
+ CHECK(publish_key(diff, key1, origin, ttl, mctx,
+ report));
ISC_LIST_UNLINK(*newkeys, key1, link);
ISC_LIST_APPEND(*keys, key1, link);
result = ISC_R_SUCCESS;
-failure:
+cleanup:
return result;
}
isc_stats_t *stats;
};
-#define CHECK(x) \
- do { \
- result = (x); \
- if (result != ISC_R_SUCCESS) \
- goto cleanup; \
- } while (0)
-
typedef struct ioq {
unsigned int generation;
struct fstrm_iothr_queue *ioq;
#define DST_AS_STR(t) ((t).value.as_textregion.base)
-#define NEXTTOKEN(lex, opt, token) \
- { \
- ret = isc_lex_gettoken(lex, opt, token); \
- if (ret != ISC_R_SUCCESS) \
- goto cleanup; \
- }
-
-#define NEXTTOKEN_OR_EOF(lex, opt, token) \
- do { \
- ret = isc_lex_gettoken(lex, opt, token); \
- if (ret == ISC_R_EOF) \
- break; \
- if (ret != ISC_R_SUCCESS) \
- goto cleanup; \
+#define NEXTTOKEN(lex, opt, token) CHECK(isc_lex_gettoken(lex, opt, token))
+
+#define NEXTTOKEN_OR_EOF(lex, opt, token) \
+ do { \
+ result = isc_lex_gettoken(lex, opt, token); \
+ if (result == ISC_R_EOF) { \
+ break; \
+ } \
+ CHECK(result); \
} while ((*token).type == isc_tokentype_eol);
-#define READLINE(lex, opt, token) \
- do { \
- ret = isc_lex_gettoken(lex, opt, token); \
- if (ret == ISC_R_EOF) \
- break; \
- if (ret != ISC_R_SUCCESS) \
- goto cleanup; \
+#define READLINE(lex, opt, token) \
+ do { \
+ result = isc_lex_gettoken(lex, opt, token); \
+ if (result == ISC_R_EOF) { \
+ break; \
+ } \
+ CHECK(result); \
} while ((*token).type != isc_tokentype_eol)
-#define BADTOKEN() \
- { \
- ret = ISC_R_UNEXPECTEDTOKEN; \
- goto cleanup; \
- }
+#define BADTOKEN() CHECK(ISC_R_UNEXPECTEDTOKEN)
static const char *numerictags[DST_MAX_NUMERIC] = {
[DST_NUM_PREDECESSOR] = "Predecessor:",
addsuffix(char *filename, int len, const char *dirname, const char *ofilename,
const char *suffix);
-#define RETERR(x) \
- do { \
- result = (x); \
- if (result != ISC_R_SUCCESS) \
- goto out; \
- } while (0)
-
#define CHECKALG(alg) \
do { \
isc_result_t _r; \
isc_result_t
dst_key_tofile(const dst_key_t *key, int type, const char *directory) {
- isc_result_t ret = ISC_R_SUCCESS;
-
REQUIRE(VALID_KEY(key));
REQUIRE((type &
(DST_TYPE_PRIVATE | DST_TYPE_PUBLIC | DST_TYPE_STATE)) != 0);
}
if ((type & DST_TYPE_PUBLIC) != 0) {
- ret = write_public_key(key, type, directory);
- if (ret != ISC_R_SUCCESS) {
- return ret;
- }
+ RETERR(write_public_key(key, type, directory));
}
if ((type & DST_TYPE_STATE) != 0) {
- ret = write_key_state(key, type, directory);
- if (ret != ISC_R_SUCCESS) {
- return ret;
- }
+ RETERR(write_key_state(key, type, directory));
}
if (((type & DST_TYPE_PRIVATE) != 0) &&
key = NULL;
isc_buffer_init(&buf, filename, NAME_MAX);
- result = dst_key_getfilename(name, id, alg, type, NULL, mctx, &buf);
- if (result != ISC_R_SUCCESS) {
- goto out;
- }
-
- result = dst_key_fromnamedfile(filename, directory, type, mctx, &key);
- if (result != ISC_R_SUCCESS) {
- goto out;
- }
-
- result = computeid(key);
- if (result != ISC_R_SUCCESS) {
- goto out;
- }
+ CHECK(dst_key_getfilename(name, id, alg, type, NULL, mctx, &buf));
+ CHECK(dst_key_fromnamedfile(filename, directory, type, mctx, &key));
+ CHECK(computeid(key));
if (!dns_name_equal(name, key->key_name) || id != key->key_id ||
alg != key->key_alg)
{
- result = DST_R_INVALIDPRIVATEKEY;
- goto out;
+ CHECK(DST_R_INVALIDPRIVATEKEY);
}
*keyp = key;
result = ISC_R_SUCCESS;
-out:
+cleanup:
if ((key != NULL) && (result != ISC_R_SUCCESS)) {
dst_key_free(&key);
}
".key");
INSIST(result == ISC_R_SUCCESS);
- RETERR(dst_key_read_public(newfilename, type, mctx, &pubkey));
+ CHECK(dst_key_read_public(newfilename, type, mctx, &pubkey));
isc_mem_put(mctx, newfilename, newfilenamelen);
/*
/* Having no state is valid. */
result = ISC_R_SUCCESS;
}
- RETERR(result);
+ CHECK(result);
}
if ((type & (DST_TYPE_PRIVATE | DST_TYPE_PUBLIC)) == DST_TYPE_PUBLIC ||
(pubkey->key_flags & DNS_KEYFLAG_TYPEMASK) == DNS_KEYTYPE_NOKEY)
{
- RETERR(computeid(pubkey));
+ CHECK(computeid(pubkey));
pubkey->modified = false;
*keyp = pubkey;
pubkey = NULL;
- goto out;
+ goto cleanup;
}
- RETERR(algorithm_status(pubkey->key_alg));
+ CHECK(algorithm_status(pubkey->key_alg));
key = get_key_struct(pubkey->key_name, pubkey->key_alg,
pubkey->key_flags, pubkey->key_proto,
pubkey->key_ttl, mctx);
if (key->func->parse == NULL) {
- RETERR(DST_R_UNSUPPORTEDALG);
+ CHECK(DST_R_UNSUPPORTEDALG);
}
newfilenamelen = strlen(filename) + 9;
INSIST(result == ISC_R_SUCCESS);
isc_lex_create(mctx, 1500, &lex);
- RETERR(isc_lex_openfile(lex, newfilename));
+ CHECK(isc_lex_openfile(lex, newfilename));
isc_mem_put(mctx, newfilename, newfilenamelen);
- RETERR(key->func->parse(key, lex, pubkey));
+ CHECK(key->func->parse(key, lex, pubkey));
isc_lex_destroy(&lex);
key->kasp = false;
/* Having no state is valid. */
result = ISC_R_SUCCESS;
}
- RETERR(result);
+ CHECK(result);
}
- RETERR(computeid(key));
+ CHECK(computeid(key));
if (pubkey->key_id != key->key_id) {
- RETERR(DST_R_INVALIDPRIVATEKEY);
+ CHECK(DST_R_INVALIDPRIVATEKEY);
}
key->modified = false;
*keyp = key;
key = NULL;
-out:
+cleanup:
if (pubkey != NULL) {
dst_key_free(&pubkey);
}
*/
isc_buffer_allocate(key->mctx, &key->key_tkeytoken,
intoken->length);
- RETERR(isc_buffer_copyregion(key->key_tkeytoken, intoken));
+ CHECK(isc_buffer_copyregion(key->key_tkeytoken, intoken));
}
key->keydata.gssctx = gssctx;
*keyp = key;
result = ISC_R_SUCCESS;
-out:
+cleanup:
if (result != ISC_R_SUCCESS) {
dst_key_free(&key);
}
dns_rdataclass_t rdclass, const char *label, isc_mem_t *mctx,
dst_key_t **keyp, void (*callback)(int)) {
dst_key_t *key;
- isc_result_t ret;
+ isc_result_t result;
REQUIRE(dns_name_isabsolute(name));
REQUIRE(mctx != NULL);
return DST_R_UNSUPPORTEDALG;
}
- ret = key->func->generate(key, param, callback);
- if (ret != ISC_R_SUCCESS) {
+ result = key->func->generate(key, param, callback);
+ if (result != ISC_R_SUCCESS) {
dst_key_free(&key);
- return ret;
+ return result;
}
- ret = computeid(key);
- if (ret != ISC_R_SUCCESS) {
+ result = computeid(key);
+ if (result != ISC_R_SUCCESS) {
dst_key_free(&key);
- return ret;
+ return result;
}
*keyp = key;
dns_fixedname_t name;
isc_lex_t *lex = NULL;
isc_token_t token;
- isc_result_t ret;
+ isc_result_t result;
dns_rdata_t rdata = DNS_RDATA_INIT;
unsigned int opt = ISC_LEXOPT_DNSMULTILINE | ISC_LEXOPT_ESCAPE;
dns_rdataclass_t rdclass = dns_rdataclass_in;
isc_lexspecials_t specials;
uint32_t ttl = 0;
- isc_result_t result;
dns_rdatatype_t keytype;
/*
isc_lex_setspecials(lex, specials);
isc_lex_setcomments(lex, ISC_LEXCOMMENT_DNSMASTERFILE);
- ret = isc_lex_openfile(lex, filename);
- if (ret != ISC_R_SUCCESS) {
- goto cleanup;
- }
+ CHECK(isc_lex_openfile(lex, filename));
/* Read the domain name */
NEXTTOKEN(lex, opt, &token);
dns_fixedname_init(&name);
isc_buffer_init(&b, DST_AS_STR(token), strlen(DST_AS_STR(token)));
isc_buffer_add(&b, strlen(DST_AS_STR(token)));
- ret = dns_name_fromtext(dns_fixedname_name(&name), &b, dns_rootname, 0);
- if (ret != ISC_R_SUCCESS) {
- goto cleanup;
- }
+ CHECK(dns_name_fromtext(dns_fixedname_name(&name), &b, dns_rootname,
+ 0));
/* Read the next word: either TTL, class, or 'KEY' */
NEXTTOKEN(lex, opt, &token);
BADTOKEN();
}
- ret = dns_rdataclass_fromtext(&rdclass, &token.value.as_textregion);
- if (ret == ISC_R_SUCCESS) {
+ result = dns_rdataclass_fromtext(&rdclass, &token.value.as_textregion);
+ if (result == ISC_R_SUCCESS) {
NEXTTOKEN(lex, opt, &token);
}
if (((type & DST_TYPE_KEY) != 0 && keytype != dns_rdatatype_key) ||
((type & DST_TYPE_KEY) == 0 && keytype != dns_rdatatype_dnskey))
{
- ret = DST_R_BADKEYTYPE;
+ result = DST_R_BADKEYTYPE;
goto cleanup;
}
isc_buffer_init(&b, rdatabuf, sizeof(rdatabuf));
- ret = dns_rdata_fromtext(&rdata, rdclass, keytype, lex, NULL, false,
- mctx, &b, NULL);
- if (ret != ISC_R_SUCCESS) {
- goto cleanup;
- }
+ CHECK(dns_rdata_fromtext(&rdata, rdclass, keytype, lex, NULL, false,
+ mctx, &b, NULL));
- ret = dst_key_fromdns(dns_fixedname_name(&name), rdclass, &b, mctx,
- keyp);
- if (ret != ISC_R_SUCCESS) {
- goto cleanup;
- }
+ CHECK(dst_key_fromdns(dns_fixedname_name(&name), rdclass, &b, mctx,
+ keyp));
dst_key_setttl(*keyp, ttl);
if (lex != NULL) {
isc_lex_destroy(&lex);
}
- return ret;
+ return result;
}
static int
dst_key_read_state(const char *filename, isc_mem_t *mctx, dst_key_t **keyp) {
isc_lex_t *lex = NULL;
isc_token_t token;
- isc_result_t ret;
+ isc_result_t result;
unsigned int opt = ISC_LEXOPT_EOL;
isc_lex_create(mctx, 1500, &lex);
isc_lex_setcomments(lex, ISC_LEXCOMMENT_DNSMASTERFILE);
- ret = isc_lex_openfile(lex, filename);
- if (ret != ISC_R_SUCCESS) {
- goto cleanup;
- }
+ CHECK(isc_lex_openfile(lex, filename));
/*
* Read the comment line.
int tag;
NEXTTOKEN_OR_EOF(lex, opt, &token);
- if (ret == ISC_R_EOF) {
+ if (result == ISC_R_EOF) {
break;
}
if (token.type != isc_tokentype_string) {
BADTOKEN();
}
- ret = dns_time32_fromtext(DST_AS_STR(token), &when);
- if (ret != ISC_R_SUCCESS) {
- goto cleanup;
- }
+ CHECK(dns_time32_fromtext(DST_AS_STR(token), &when));
dst_key_settime(*keyp, tag, when);
goto next;
BADTOKEN();
}
- ret = keystate_fromtext(DST_AS_STR(token), &state);
- if (ret != ISC_R_SUCCESS) {
- goto cleanup;
- }
+ CHECK(keystate_fromtext(DST_AS_STR(token), &state));
dst_key_setstate(*keyp, tag, state);
goto next;
}
/* Done, successfully parsed the whole file. */
- ret = ISC_R_SUCCESS;
+ result = ISC_R_SUCCESS;
cleanup:
if (lex != NULL) {
isc_lex_destroy(&lex);
}
- return ret;
+ return result;
}
static bool
isc_buffer_t dnsbuf;
unsigned char dns_array[DST_KEY_MAXSIZE];
isc_region_t r;
- isc_result_t ret;
isc_buffer_init(&dnsbuf, dns_array, sizeof(dns_array));
- ret = dst_key_todns(key, &dnsbuf);
- if (ret != ISC_R_SUCCESS) {
- return ret;
- }
+ RETERR(dst_key_todns(key, &dnsbuf));
isc_buffer_usedregion(&dnsbuf, &r);
key->key_id = dst_region_computeid(&r);
unsigned int protocol, dns_rdataclass_t rdclass,
isc_buffer_t *source, isc_mem_t *mctx, dst_key_t **keyp) {
dst_key_t *key;
- isc_result_t ret;
+ isc_result_t result;
REQUIRE(dns_name_isabsolute(name));
REQUIRE(source != NULL);
key = get_key_struct(name, alg, flags, protocol, 0, rdclass, 0, mctx);
if (isc_buffer_remaininglength(source) > 0) {
- ret = algorithm_status(alg);
- if (ret != ISC_R_SUCCESS) {
+ result = algorithm_status(alg);
+ if (result != ISC_R_SUCCESS) {
dst_key_free(&key);
- return ret;
+ return result;
}
if (key->func->fromdns == NULL) {
dst_key_free(&key);
return DST_R_UNSUPPORTEDALG;
}
- ret = key->func->fromdns(key, source);
- if (ret != ISC_R_SUCCESS) {
+ result = key->func->fromdns(key, source);
+ if (result != ISC_R_SUCCESS) {
dst_key_free(&key);
- return ret;
+ return result;
}
}
unsigned char *data = NULL;
unsigned int opt = ISC_LEXOPT_EOL;
isc_stdtime_t when;
- isc_result_t ret;
+ isc_result_t result;
bool external = false;
REQUIRE(priv != NULL);
priv->nelements = 0;
memset(priv->elements, 0, sizeof(priv->elements));
-#define NEXTTOKEN(lex, opt, token) \
- do { \
- ret = isc_lex_gettoken(lex, opt, token); \
- if (ret != ISC_R_SUCCESS) \
- goto fail; \
+#define NEXTTOKEN(lex, opt, token) \
+ do { \
+ CHECK(isc_lex_gettoken(lex, opt, token)); \
} while (0)
-#define READLINE(lex, opt, token) \
- do { \
- ret = isc_lex_gettoken(lex, opt, token); \
- if (ret == ISC_R_EOF) \
- break; \
- else if (ret != ISC_R_SUCCESS) \
- goto fail; \
+#define READLINE(lex, opt, token) \
+ do { \
+ result = isc_lex_gettoken(lex, opt, token); \
+ if (result == ISC_R_EOF) { \
+ break; \
+ } else if (result != ISC_R_SUCCESS) { \
+ goto cleanup; \
+ } \
} while ((*token).type != isc_tokentype_eol)
/*
if (token.type != isc_tokentype_string ||
strcmp(DST_AS_STR(token), PRIVATE_KEY_STR) != 0)
{
- ret = DST_R_INVALIDPRIVATEKEY;
- goto fail;
+ result = DST_R_INVALIDPRIVATEKEY;
+ goto cleanup;
}
NEXTTOKEN(lex, opt, &token);
if (token.type != isc_tokentype_string || (DST_AS_STR(token))[0] != 'v')
{
- ret = DST_R_INVALIDPRIVATEKEY;
- goto fail;
+ result = DST_R_INVALIDPRIVATEKEY;
+ goto cleanup;
}
if (sscanf(DST_AS_STR(token), "v%d.%d", &major, &minor) != 2) {
- ret = DST_R_INVALIDPRIVATEKEY;
- goto fail;
+ result = DST_R_INVALIDPRIVATEKEY;
+ goto cleanup;
}
if (major > DST_MAJOR_VERSION) {
- ret = DST_R_INVALIDPRIVATEKEY;
- goto fail;
+ result = DST_R_INVALIDPRIVATEKEY;
+ goto cleanup;
}
/*
if (token.type != isc_tokentype_string ||
strcmp(DST_AS_STR(token), ALGORITHM_STR) != 0)
{
- ret = DST_R_INVALIDPRIVATEKEY;
- goto fail;
+ result = DST_R_INVALIDPRIVATEKEY;
+ goto cleanup;
}
NEXTTOKEN(lex, opt | ISC_LEXOPT_NUMBER, &token);
if (token.type != isc_tokentype_number ||
token.value.as_ulong != (unsigned long)dst_key_alg(key))
{
- ret = DST_R_INVALIDPRIVATEKEY;
- goto fail;
+ result = DST_R_INVALIDPRIVATEKEY;
+ goto cleanup;
}
READLINE(lex, opt, &token);
int tag;
isc_region_t r;
do {
- ret = isc_lex_gettoken(lex, opt, &token);
- if (ret == ISC_R_EOF) {
+ result = isc_lex_gettoken(lex, opt, &token);
+ if (result == ISC_R_EOF) {
goto done;
}
- if (ret != ISC_R_SUCCESS) {
- goto fail;
+ if (result != ISC_R_SUCCESS) {
+ goto cleanup;
}
} while (token.type == isc_tokentype_eol);
if (token.type != isc_tokentype_string) {
- ret = DST_R_INVALIDPRIVATEKEY;
- goto fail;
+ result = DST_R_INVALIDPRIVATEKEY;
+ goto cleanup;
}
if (strcmp(DST_AS_STR(token), "External:") == 0) {
NEXTTOKEN(lex, opt | ISC_LEXOPT_NUMBER, &token);
if (token.type != isc_tokentype_number) {
- ret = DST_R_INVALIDPRIVATEKEY;
- goto fail;
+ result = DST_R_INVALIDPRIVATEKEY;
+ goto cleanup;
}
dst_key_setnum(key, tag, token.value.as_ulong);
NEXTTOKEN(lex, opt, &token);
if (token.type != isc_tokentype_string) {
- ret = DST_R_INVALIDPRIVATEKEY;
- goto fail;
+ result = DST_R_INVALIDPRIVATEKEY;
+ goto cleanup;
}
- ret = dns_time32_fromtext(DST_AS_STR(token), &when);
- if (ret != ISC_R_SUCCESS) {
- goto fail;
- }
+ CHECK(dns_time32_fromtext(DST_AS_STR(token), &when));
dst_key_settime(key, tag, when);
if (tag < 0 && minor > DST_MINOR_VERSION) {
goto next;
} else if (tag < 0) {
- ret = DST_R_INVALIDPRIVATEKEY;
- goto fail;
+ result = DST_R_INVALIDPRIVATEKEY;
+ goto cleanup;
}
priv->elements[n].tag = tag;
data = isc_mem_get(mctx, MAXFIELDSIZE);
isc_buffer_init(&b, data, MAXFIELDSIZE);
- ret = isc_base64_tobuffer(lex, &b, -1);
- if (ret != ISC_R_SUCCESS) {
- goto fail;
- }
+ CHECK(isc_base64_tobuffer(lex, &b, -1));
isc_buffer_usedregion(&b, &r);
priv->elements[n].length = r.length;
done:
if (external && priv->nelements != 0) {
- ret = DST_R_INVALIDPRIVATEKEY;
- goto fail;
+ result = DST_R_INVALIDPRIVATEKEY;
+ goto cleanup;
}
check = check_data(priv, alg, true, external);
if (check < 0) {
- ret = DST_R_INVALIDPRIVATEKEY;
- goto fail;
+ result = DST_R_INVALIDPRIVATEKEY;
+ goto cleanup;
} else if (check != ISC_R_SUCCESS) {
- ret = check;
- goto fail;
+ result = check;
+ goto cleanup;
}
key->external = external;
return ISC_R_SUCCESS;
-fail:
+cleanup:
dst__privstruct_free(priv, mctx);
if (data != NULL) {
isc_mem_put(mctx, data, MAXFIELDSIZE);
}
- return ret;
+ return result;
}
isc_result_t
#include "dyndb_p.h"
-#define CHECK(op) \
- do { \
- result = (op); \
- if (result != ISC_R_SUCCESS) \
- goto cleanup; \
- } while (0)
-
typedef struct dyndb_implementation dyndb_implementation_t;
struct dyndb_implementation {
isc_mem_t *mctx;
(r).base = (gb).value; \
} while (0)
-#define RETERR(x) \
- do { \
- result = (x); \
- if (result != ISC_R_SUCCESS) \
- goto out; \
- } while (0)
-
static void
name_to_gbuffer(const dns_name_t *name, isc_buffer_t *buffer,
gss_buffer_desc *gbuffer) {
gret = gss_import_name(&minor, &gnamebuf, GSS_C_NO_OID, &gname);
if (gret != GSS_S_COMPLETE) {
gss_err_message(mctx, gret, minor, err_message);
- result = ISC_R_FAILURE;
- goto out;
+ CHECK(ISC_R_FAILURE);
}
if (intoken != NULL) {
gss_log(3, "Failure initiating security context");
}
- result = ISC_R_FAILURE;
- goto out;
+ CHECK(ISC_R_FAILURE);
}
/*
*/
if (gouttoken.length != 0U) {
GBUFFER_TO_REGION(gouttoken, r);
- RETERR(isc_buffer_copyregion(outtoken, &r));
+ CHECK(isc_buffer_copyregion(outtoken, &r));
}
if (gret == GSS_S_COMPLETE) {
result = DNS_R_CONTINUE;
}
-out:
+cleanup:
if (gouttoken.length != 0U) {
(void)gss_release_buffer(&minor, &gouttoken);
}
isc_buffer_allocate(mctx, outtoken,
(unsigned int)gouttoken.length);
GBUFFER_TO_REGION(gouttoken, r);
- RETERR(isc_buffer_copyregion(*outtoken, &r));
+ CHECK(isc_buffer_copyregion(*outtoken, &r));
(void)gss_release_buffer(&minor, &gouttoken);
}
gss_log(3, "failed gss_display_name: %s",
gss_error_tostring(gret, minor, buf,
sizeof(buf)));
- RETERR(ISC_R_FAILURE);
+ CHECK(ISC_R_FAILURE);
}
/*
isc_buffer_init(&namebuf, r.base, r.length);
isc_buffer_add(&namebuf, r.length);
- RETERR(dns_name_fromtext(principal, &namebuf, dns_rootname, 0));
+ CHECK(dns_name_fromtext(principal, &namebuf, dns_rootname, 0));
if (gnamebuf.length != 0U) {
gret = gss_release_buffer(&minor, &gnamebuf);
*ctxout = context;
-out:
+cleanup:
if (gname != NULL) {
gret = gss_release_name(&minor, &gname);
if (gret != GSS_S_COMPLETE) {
* Miscellaneous utilities.
*/
-/*%
- * It would be non-sensical (or at least obtuse) to use FAIL() with an
- * ISC_R_SUCCESS code, but the test is there to keep the Solaris compiler
- * from complaining about "end-of-loop code not reached".
- */
-#define FAIL(code) \
- do { \
- result = (code); \
- if (result != ISC_R_SUCCESS) \
- goto failure; \
- } while (0)
-
-#define CHECK(op) \
- do { \
- result = (op); \
- if (result != ISC_R_SUCCESS) \
- goto failure; \
- } while (0)
-
#define JOURNAL_SERIALSET 0x01U
static isc_result_t
*/
result = isc_stdio_open(j->filename, "rb+", &fp);
} else {
- FAIL(ISC_R_NOTFOUND);
+ CHECK(ISC_R_NOTFOUND);
}
}
if (result != ISC_R_SUCCESS) {
isc_log_write(DNS_LOGCATEGORY_GENERAL, DNS_LOGMODULE_JOURNAL,
ISC_LOG_ERROR, "%s: open: %s", j->filename,
isc_result_totext(result));
- FAIL(ISC_R_UNEXPECTED);
+ CHECK(ISC_R_UNEXPECTED);
}
j->fp = fp;
isc_log_write(DNS_LOGCATEGORY_GENERAL, DNS_LOGMODULE_JOURNAL,
ISC_LOG_ERROR,
"%s: journal format not recognized", j->filename);
- FAIL(ISC_R_UNEXPECTED);
+ CHECK(ISC_R_UNEXPECTED);
}
journal_header_decode(&rawheader, &j->header);
*journalp = j;
return ISC_R_SUCCESS;
-failure:
+cleanup:
j->magic = 0;
if (j->rawindex != NULL) {
isc_mem_cput(j->mctx, j->rawindex, j->header.index_size,
j->recovered = true;
}
-failure:
+cleanup:
return result;
}
pos->serial = xhdr.serial1;
return ISC_R_SUCCESS;
-failure:
+cleanup:
return result;
}
j->state = JOURNAL_STATE_TRANSACTION;
result = ISC_R_SUCCESS;
-failure:
+cleanup:
return result;
}
result = ISC_R_SUCCESS;
-failure:
+cleanup:
if (mem != NULL) {
isc_mem_put(j->mctx, mem, size);
}
result = ISC_R_SUCCESS;
-failure:
+cleanup:
return result;
}
CHECK(dns_journal_writediff(j, diff));
CHECK(dns_journal_commit(j));
result = ISC_R_SUCCESS;
-failure:
+cleanup:
return result;
}
"%s: journal file corrupt: missing "
"initial SOA",
j->filename);
- FAIL(ISC_R_UNEXPECTED);
+ CHECK(ISC_R_UNEXPECTED);
}
if ((options & DNS_JOURNALOPT_RESIGN) != 0) {
op = (n_soa == 1) ? DNS_DIFFOP_DELRESIGN
dns_diff_clear(&diff);
}
-failure:
+cleanup:
if (ver != NULL) {
dns_db_closeversion(db, &ver,
result == ISC_R_SUCCESS ? true : false);
"%s: journal file corrupt: missing "
"initial SOA",
j->filename);
- FAIL(ISC_R_UNEXPECTED);
+ CHECK(ISC_R_UNEXPECTED);
}
if (print) {
result = dns_diff_print(&diff, file);
dns_diff_clear(&diff);
}
- goto cleanup;
+ goto done;
-failure:
+cleanup:
isc_log_write(DNS_LOGCATEGORY_GENERAL, DNS_LOGMODULE_JOURNAL,
ISC_LOG_ERROR, "%s: cannot print: journal file corrupt",
j->filename);
-cleanup:
+done:
if (source.base != NULL) {
isc_mem_put(j->mctx, source.base, source.length);
}
}
result = ISC_R_SUCCESS;
-failure:
+cleanup:
j->it.result = result;
return j->it.result;
}
return read_one_rr(j);
-failure:
+cleanup:
return result;
}
DNS_LOGMODULE_JOURNAL, ISC_LOG_ERROR,
"%s: journal corrupt: empty transaction",
j->filename);
- FAIL(ISC_R_UNEXPECTED);
+ CHECK(ISC_R_UNEXPECTED);
}
if (j->header_ver1) {
"expected serial %u, got %u",
j->filename, j->it.current_serial,
xhdr.serial0);
- FAIL(ISC_R_UNEXPECTED);
+ CHECK(ISC_R_UNEXPECTED);
}
j->it.xsize = xhdr.size;
"%s: journal corrupt: impossible RR size "
"(%d bytes)",
j->filename, rrhdr.size);
- FAIL(ISC_R_UNEXPECTED);
+ CHECK(ISC_R_UNEXPECTED);
}
size_buffer(j->mctx, &j->it.source, rrhdr.size);
* Check that the RR header is there, and parse it.
*/
if (isc_buffer_remaininglength(&j->it.source) < 10) {
- FAIL(DNS_R_FORMERR);
+ CHECK(DNS_R_FORMERR);
}
rdtype = isc_buffer_getuint16(&j->it.source);
"%s: journal corrupt: impossible rdlen "
"(%u bytes)",
j->filename, rdlen);
- FAIL(ISC_R_FAILURE);
+ CHECK(ISC_R_FAILURE);
}
/*
* Parse the rdata.
*/
if (isc_buffer_remaininglength(&j->it.source) != rdlen) {
- FAIL(DNS_R_FORMERR);
+ CHECK(DNS_R_FORMERR);
}
isc_buffer_setactive(&j->it.source, rdlen);
dns_rdata_reset(&j->it.rdata);
result = ISC_R_SUCCESS;
-failure:
+cleanup:
j->it.result = result;
return result;
}
ISC_LIST_APPENDLIST(r->tuples, del, link);
ISC_LIST_APPENDLIST(r->tuples, add, link);
result = ISC_R_SUCCESS;
-failure:
+cleanup:
return result;
}
next:;
}
if (itresult[0] != ISC_R_NOMORE) {
- FAIL(itresult[0]);
+ CHECK(itresult[0]);
}
if (itresult[1] != ISC_R_NOMORE) {
- FAIL(itresult[1]);
+ CHECK(itresult[1]);
}
INSIST(ISC_LIST_EMPTY(diff[0].tuples));
INSIST(ISC_LIST_EMPTY(diff[1].tuples));
-failure:
+cleanup:
dns_dbiterator_destroy(&dbit[1]);
cleanup_iterator:
}
}
-failure:
+cleanup:
if (journal != NULL) {
dns_journal_destroy(&journal);
}
if (result != ISC_R_SUCCESS &&
result != ISC_R_FILENOTFOUND)
{
- goto failure;
+ CHECK(result);
}
if (rename(filename, backup) == -1) {
goto maperrno;
(void)isc_file_remove(backup);
} else {
maperrno:
- result = ISC_R_FAILURE;
- goto failure;
+ CHECK(ISC_R_FAILURE);
}
}
result = ISC_R_SUCCESS;
-failure:
+cleanup:
(void)isc_file_remove(newname);
if (buf != NULL) {
isc_mem_put(mctx, buf, size);
CHECK(journal_seek(j, sizeof(journal_rawheader_t)));
CHECK(journal_write(j, j->rawindex, rawbytes));
}
-failure:
+cleanup:
return result;
}
#include <dst/dst.h>
-#define RETERR(x) \
- do { \
- result = (x); \
- if (result != ISC_R_SUCCESS) \
- goto failure; \
- } while (0)
-
/*
* Set key state to `target` state and change last changed
* to `time`, only if key state has not been set before.
result = dns_dnssec_findmatchingkeys(origin, NULL, keydir, NULL, now,
true, mctx, &keykeys);
if (result != ISC_R_SUCCESS && result != ISC_R_NOTFOUND) {
- goto failure;
+ goto cleanup;
}
do {
if (keystore == NULL) {
- RETERR(dst_key_generate(origin, alg, size, 0, flags,
- DNS_KEYPROTO_DNSSEC, rdclass,
- NULL, mctx, &newkey, NULL));
+ CHECK(dst_key_generate(origin, alg, size, 0, flags,
+ DNS_KEYPROTO_DNSSEC, rdclass,
+ NULL, mctx, &newkey, NULL));
} else {
- RETERR(dns_keystore_keygen(
+ CHECK(dns_keystore_keygen(
keystore, origin, dns_kasp_getname(kasp),
rdclass, mctx, alg, size, flags, &newkey));
}
*dst_key = newkey;
result = ISC_R_SUCCESS;
-failure:
+cleanup:
while (!ISC_LIST_EMPTY(keykeys)) {
dns_dnsseckey_t *key = ISC_LIST_HEAD(keykeys);
ISC_LIST_UNLINK(keykeys, key, link);
}
/* See if this key requires a rollover. */
- RETERR(keymgr_key_rollover(
- kkey, active_key, keyring, &newkeys, origin, rdclass,
- kasp, keydir, lifetime, opts, now, nexttime, mctx));
+ CHECK(keymgr_key_rollover(kkey, active_key, keyring, &newkeys,
+ origin, rdclass, kasp, keydir,
+ lifetime, opts, now, nexttime, mctx));
opts &= ~DNS_KEYMGRATTR_NOROLL;
}
}
dns_dnssec_get_hints(dkey, now);
- RETERR(dst_key_tofile(dkey->key, options, directory));
+ CHECK(dst_key_tofile(dkey->key, options, directory));
dst_key_setmodified(dkey->key, false);
if (!isc_log_wouldlog(ISC_LOG_DEBUG(3))) {
}
result = retval;
-failure:
- if (result != ISC_R_SUCCESS && result != DNS_R_UNCHANGED) {
+
+cleanup:
+ if (result != ISC_R_SUCCESS) {
ISC_LIST_FOREACH(newkeys, newkey, link) {
ISC_LIST_UNLINK(newkeys, newkey, link);
INSIST(newkey->key != NULL);
isc_stdtime_t when = 0;
dst_key_state_t state = NA;
- RETERR(isc_buffer_printf(buf, "%s", pre));
+ CHECK(isc_buffer_printf(buf, "%s", pre));
(void)dst_key_getstate(key, ks, &state);
isc_result_t r = dst_key_gettime(key, kt, &when);
if (state == RUMOURED || state == OMNIPRESENT) {
- RETERR(isc_buffer_printf(buf, "yes - since "));
+ CHECK(isc_buffer_printf(buf, "yes - since "));
} else if (now < when) {
- RETERR(isc_buffer_printf(buf, "no - scheduled "));
+ CHECK(isc_buffer_printf(buf, "no - scheduled "));
} else {
return isc_buffer_printf(buf, "no\n");
}
if (r == ISC_R_SUCCESS) {
isc_stdtime_tostring(when, timestr, sizeof(timestr));
- RETERR(isc_buffer_printf(buf, "%s\n", timestr));
+ CHECK(isc_buffer_printf(buf, "%s\n", timestr));
}
-failure:
+cleanup:
return result;
}
(void)dst_key_getstate(key, ks, &state);
switch (state) {
case HIDDEN:
- RETERR(isc_buffer_printf(buf, " - %shidden\n", pre));
+ CHECK(isc_buffer_printf(buf, " - %shidden\n", pre));
break;
case RUMOURED:
- RETERR(isc_buffer_printf(buf, " - %srumoured\n", pre));
+ CHECK(isc_buffer_printf(buf, " - %srumoured\n", pre));
break;
case OMNIPRESENT:
- RETERR(isc_buffer_printf(buf, " - %somnipresent\n", pre));
+ CHECK(isc_buffer_printf(buf, " - %somnipresent\n", pre));
break;
case UNRETENTIVE:
- RETERR(isc_buffer_printf(buf, " - %sunretentive\n", pre));
+ CHECK(isc_buffer_printf(buf, " - %sunretentive\n", pre));
break;
case NA:
default:
break;
}
-failure:
+cleanup:
return result;
}
(void)dst_key_getstate(key, DST_KEY_DS, &ds);
// publish status
- RETERR(keytime_status(key, now, buf, " Published: ", DST_KEY_DNSKEY,
- DST_TIME_PUBLISH));
+ CHECK(keytime_status(key, now, buf, " Published: ", DST_KEY_DNSKEY,
+ DST_TIME_PUBLISH));
// signing status
result = dst_key_getbool(key, DST_BOOL_KSK, &ksk);
if (result == ISC_R_SUCCESS && ksk) {
- RETERR(keytime_status(key, now, buf, " Key signing: ",
- DST_KEY_KRRSIG, DST_TIME_PUBLISH));
+ CHECK(keytime_status(key, now, buf, " Key signing: ",
+ DST_KEY_KRRSIG, DST_TIME_PUBLISH));
}
result = dst_key_getbool(key, DST_BOOL_ZSK, &zsk);
if (result == ISC_R_SUCCESS && zsk) {
- RETERR(keytime_status(key, now, buf, " Zone signing: ",
- DST_KEY_ZRRSIG, DST_TIME_ACTIVATE));
+ CHECK(keytime_status(key, now, buf, " Zone signing: ",
+ DST_KEY_ZRRSIG, DST_TIME_ACTIVATE));
}
if (zsk) {
if (goal == OMNIPRESENT) {
if (dnskey == HIDDEN && zrrsig == HIDDEN) {
- RETERR(isc_buffer_printf(
+ CHECK(isc_buffer_printf(
buf, " Key is created but not "
"published yet.\n"));
} else if (dnskey == RUMOURED && zrrsig == HIDDEN) {
- RETERR(isc_buffer_printf(
+ CHECK(isc_buffer_printf(
buf, " Key is pre-published.\n"));
} else if (dnskey == RUMOURED && zrrsig == RUMOURED) {
- RETERR(isc_buffer_printf(buf, " Introducing "
- "new key.\n"));
+ CHECK(isc_buffer_printf(buf, " Introducing "
+ "new key.\n"));
} else if (dnskey == OMNIPRESENT && zrrsig == HIDDEN) {
- RETERR(isc_buffer_printf(
+ CHECK(isc_buffer_printf(
buf, " Key is published, but not yet "
"signing.\n"));
} else if (dnskey == OMNIPRESENT && zrrsig == RUMOURED)
{
if (keymgr_dep(key, keyring, NULL)) {
- RETERR(isc_buffer_printf(
+ CHECK(isc_buffer_printf(
buf,
" Key is published, waiting "
"for the zone to be completely "
"signed with this key.\n"));
} else {
- RETERR(isc_buffer_printf(
+ CHECK(isc_buffer_printf(
buf,
" Key is published, "
"introducing signatures.\n"));
log_next_rollover = true;
}
} else {
- RETERR(isc_buffer_printf(
+ CHECK(isc_buffer_printf(
buf, " Key is in unexpected state, "
"performing auto-healing.\n"));
*verbose = true;
} else if (goal == HIDDEN) {
if (dnskey == OMNIPRESENT && zrrsig == OMNIPRESENT) {
if (!ksk) {
- RETERR(isc_buffer_printf(
+ CHECK(isc_buffer_printf(
buf, " Key will be retired "
"after successor key "
"becomes active.\n"));
} else if (dnskey == OMNIPRESENT &&
zrrsig == UNRETENTIVE)
{
- RETERR(isc_buffer_printf(
+ CHECK(isc_buffer_printf(
buf,
" Key is retired, waiting until all "
"signatures generated with this key "
"are replaced with successor.\n"));
} else if (dnskey == OMNIPRESENT && zrrsig == HIDDEN) {
- RETERR(isc_buffer_printf(
+ CHECK(isc_buffer_printf(
buf, " Key is retired, no longer "
"signing the zone.\n"));
} else if (dnskey == UNRETENTIVE && zrrsig == HIDDEN) {
- RETERR(isc_buffer_printf(
- buf, " Key is removed from zone.\n"));
+ CHECK(isc_buffer_printf(buf, " Key is removed "
+ "from zone.\n"));
} else if (dnskey == HIDDEN && zrrsig == HIDDEN) {
- RETERR(isc_buffer_printf(
+ CHECK(isc_buffer_printf(
buf, " Key is completely hidden "
"(waiting to be purged).\n"));
} else {
- RETERR(isc_buffer_printf(
+ CHECK(isc_buffer_printf(
buf, " WARNING: Key is in unexpected "
"state, "
"performing auto-healing.\n"));
if (goal == OMNIPRESENT) {
if (dnskey == HIDDEN && ds == HIDDEN) {
if (!zsk) {
- RETERR(isc_buffer_printf(
+ CHECK(isc_buffer_printf(
buf, " Key is created but not "
"published yet.\n"));
}
} else if (dnskey == RUMOURED && ds == HIDDEN) {
if (!zsk) {
- RETERR(isc_buffer_printf(
+ CHECK(isc_buffer_printf(
buf,
" Key is pre-published.\n"));
}
} else if (dnskey == OMNIPRESENT && ds == HIDDEN) {
if (keymgr_dep(key, keyring, NULL)) {
- RETERR(isc_buffer_printf(
+ CHECK(isc_buffer_printf(
buf,
" Waiting for the DS to be "
"submitted to the parent.\n"));
} else {
- RETERR(isc_buffer_printf(
+ CHECK(isc_buffer_printf(
buf,
" Wait for zone to be fully "
"signed before submitting the "
isc_result_t ret = dst_key_gettime(
key, DST_TIME_DSPUBLISH, &dstime);
if (ret != ISC_R_SUCCESS || dstime > now) {
- RETERR(isc_buffer_printf(
+ CHECK(isc_buffer_printf(
buf,
" Waiting for the DS to be "
"published to the parent.\n"));
if (checkds) {
- RETERR(isc_buffer_printf(
+ CHECK(isc_buffer_printf(
buf,
" checkds is enabled, "
"BIND will check the "
"DS RRset "
"periodically.\n"));
} else {
- RETERR(isc_buffer_printf(
+ CHECK(isc_buffer_printf(
buf,
" ! Once the DS is in "
"the parent, run 'rndc "
dst_key_id(key)));
}
} else {
- RETERR(isc_buffer_printf(
+ CHECK(isc_buffer_printf(
buf, " Waiting TTL period for "
"validators to pick up "
"the new DS RRset.\n"));
active_state = DST_TIME_PUBLISH;
retire_state = DST_TIME_DELETE;
} else {
- RETERR(isc_buffer_printf(
+ CHECK(isc_buffer_printf(
buf, " WARNING: Key is in unexpected "
"state, "
"performing auto-healing.\n"));
}
} else if (goal == HIDDEN) {
if (dnskey == OMNIPRESENT && ds == OMNIPRESENT) {
- RETERR(isc_buffer_printf(
+ CHECK(isc_buffer_printf(
buf,
" Key will be retired after the DS is "
"withdrawn from the parent.\n"));
isc_result_t ret = dst_key_gettime(
key, DST_TIME_DSDELETE, &dstime);
if (ret != ISC_R_SUCCESS || dstime > now) {
- RETERR(isc_buffer_printf(
+ CHECK(isc_buffer_printf(
buf,
" Waiting for the DS to be "
"removed from the parent.\n"));
if (checkds) {
- RETERR(isc_buffer_printf(
+ CHECK(isc_buffer_printf(
buf,
" checkds is enabled, "
"BIND will check the "
"DS RRset "
"periodically.\n"));
} else {
- RETERR(isc_buffer_printf(
+ CHECK(isc_buffer_printf(
buf,
" ! Once the DS is "
"removed from the "
dst_key_id(key)));
}
} else {
- RETERR(isc_buffer_printf(
+ CHECK(isc_buffer_printf(
buf, " Waiting TTL period for "
"validators to pick up "
"the new DS RRset.\n"));
}
} else if (dnskey == OMNIPRESENT && ds == HIDDEN) {
- RETERR(isc_buffer_printf(
- buf, " Key is removed from chain of "
- "trust.\n"));
+ CHECK(isc_buffer_printf(buf, " Key is removed "
+ "from chain of "
+ "trust.\n"));
} else if (dnskey == UNRETENTIVE && ds == HIDDEN) {
if (!zsk) {
- RETERR(isc_buffer_printf(
+ CHECK(isc_buffer_printf(
buf, " Key is removed from "
"zone.\n"));
}
} else if (dnskey == HIDDEN && ds == HIDDEN) {
if (!zsk) {
- RETERR(isc_buffer_printf(
+ CHECK(isc_buffer_printf(
buf,
" Key is completely hidden "
"(waiting to be purged).\n"));
}
} else {
- RETERR(isc_buffer_printf(
+ CHECK(isc_buffer_printf(
buf, " WARNING: Key is in unexpected "
"state, "
"performing auto-healing.\n"));
char timestr[26]; /* Minimal buf as per ctime_r() spec.
*/
if (now < retire_time) {
- RETERR(isc_buffer_printf(buf, " Next rollover "
- "scheduled on "));
+ CHECK(isc_buffer_printf(buf, " Next rollover "
+ "scheduled on "));
retire_time = keymgr_prepublication_time(
dkey, kasp, retire_time - active_time,
now);
} else {
- RETERR(isc_buffer_printf(buf, " Rollover is "
- "due since "));
+ CHECK(isc_buffer_printf(buf, " Rollover is "
+ "due since "));
}
isc_stdtime_tostring(retire_time, timestr,
sizeof(timestr));
- RETERR(isc_buffer_printf(buf, "%s\n", timestr));
+ CHECK(isc_buffer_printf(buf, "%s\n", timestr));
} else {
- RETERR(isc_buffer_printf(buf,
- " No rollover scheduled.\n"));
+ CHECK(isc_buffer_printf(buf,
+ " No rollover scheduled.\n"));
}
}
-failure:
+cleanup:
return result;
}
// key data
dns_secalg_format((dns_secalg_t)dst_key_alg(dkey->key), algstr,
sizeof(algstr));
- RETERR(isc_buffer_printf(buf, "\n%s %d (%s):\n",
- keymgr_keyrole(dkey->key),
- dst_key_id(dkey->key), algstr));
+ CHECK(isc_buffer_printf(buf, "\n%s %d (%s):\n",
+ keymgr_keyrole(dkey->key),
+ dst_key_id(dkey->key), algstr));
// rollover status
- RETERR(rollover_status(dkey, kasp, keyring, now, buf, &verbose,
- checkds));
+ CHECK(rollover_status(dkey, kasp, keyring, now, buf, &verbose,
+ checkds));
if (verbose) {
// key states
- RETERR(isc_buffer_printf(buf, " Key states:\n"));
+ CHECK(isc_buffer_printf(buf, " Key states:\n"));
- RETERR(keystate_status(
+ CHECK(keystate_status(
dkey->key, buf,
"goal: ", DST_KEY_GOAL));
- RETERR(keystate_status(
+ CHECK(keystate_status(
dkey->key, buf,
"dnskey: ", DST_KEY_DNSKEY));
- RETERR(keystate_status(dkey->key, buf,
- "ds: ", DST_KEY_DS));
- RETERR(keystate_status(
+ CHECK(keystate_status(dkey->key, buf,
+ "ds: ", DST_KEY_DS));
+ CHECK(keystate_status(
dkey->key, buf,
"zone rrsig: ", DST_KEY_ZRRSIG));
- RETERR(keystate_status(
+ CHECK(keystate_status(
dkey->key, buf,
"key rrsig: ", DST_KEY_KRRSIG));
}
}
-failure:
+cleanup:
return result;
}
dns_keymgr_key_init(dkey, kasp, now, false);
/* Get current metadata */
- RETERR(dst_key_getstate(dkey->key, DST_KEY_DNSKEY,
- ¤t_dnskey));
- RETERR(dst_key_getstate(dkey->key, DST_KEY_ZRRSIG,
- ¤t_zrrsig));
- RETERR(dst_key_getstate(dkey->key, DST_KEY_GOAL,
- ¤t_goal));
- RETERR(dst_key_gettime(dkey->key, DST_TIME_PUBLISH,
- &published));
- RETERR(dst_key_gettime(dkey->key, DST_TIME_ACTIVATE, &active));
+ CHECK(dst_key_getstate(dkey->key, DST_KEY_DNSKEY,
+ ¤t_dnskey));
+ CHECK(dst_key_getstate(dkey->key, DST_KEY_ZRRSIG,
+ ¤t_zrrsig));
+ CHECK(dst_key_getstate(dkey->key, DST_KEY_GOAL, ¤t_goal));
+ CHECK(dst_key_gettime(dkey->key, DST_TIME_PUBLISH, &published));
+ CHECK(dst_key_gettime(dkey->key, DST_TIME_ACTIVATE, &active));
(void)dst_key_gettime(dkey->key, DST_TIME_INACTIVE, &inactive);
(void)dst_key_gettime(dkey->key, DST_TIME_DELETE, &remove);
dns_dnssec_get_hints(dkey, now);
- RETERR(dst_key_tofile(dkey->key, options, directory));
+ CHECK(dst_key_tofile(dkey->key, options, directory));
dst_key_setmodified(dkey->key, false);
if (!isc_log_wouldlog(ISC_LOG_DEBUG(3))) {
result = ISC_R_SUCCESS;
-failure:
+cleanup:
if (isc_log_wouldlog(ISC_LOG_DEBUG(3))) {
char namebuf[DNS_NAME_FORMATSIZE];
dns_name_format(origin, namebuf, sizeof(namebuf));
#define DNS_DCTX_MAGIC ISC_MAGIC('D', 'c', 't', 'x')
#define DNS_DCTX_VALID(d) ISC_MAGIC_VALID(d, DNS_DCTX_MAGIC)
-#define RETERR(x) \
- do { \
- isc_result_t _r = (x); \
- if (_r != ISC_R_SUCCESS) \
- return ((_r)); \
- } while (0)
-
-#define CHECK(x) \
- do { \
- if ((x) != ISC_R_SUCCESS) \
- goto cleanup; \
- } while (0)
-
struct dns_master_style {
dns_masterstyle_flags_t flags; /* DNS_STYLEFLAG_* */
unsigned int ttl_column;
#include <dst/dst.h>
-#define CHECK(x) \
- do { \
- result = (x); \
- if (result != ISC_R_SUCCESS) \
- goto failure; \
- } while (0)
-
#define OPTOUT(x) (((x) & DNS_NSEC3FLAG_OPTOUT) != 0)
#define CREATE(x) (((x) & DNS_NSEC3FLAG_CREATE) != 0)
#define INITIAL(x) (((x) & DNS_NSEC3FLAG_INITIAL) != 0)
dns_difftuple_create(diff->mctx, DNS_DIFFOP_DEL, name,
rdataset.ttl, &rdata, &tuple);
- result = do_one_tuple(&tuple, db, version, diff);
- if (result != ISC_R_SUCCESS) {
- goto failure;
- }
+ CHECK(do_one_tuple(&tuple, db, version, diff));
}
result = ISC_R_SUCCESS;
-failure:
+cleanup:
dns_rdataset_disassociate(&rdataset);
cleanup_node:
dns_db_detachnode(&node);
} else if (CREATE(nsec3param->flags) && OPTOUT(flags)) {
result = dns_nsec3_delnsec3(db, version, name,
nsec3param, diff);
- goto failure;
+ goto cleanup;
} else {
maybe_remove_unsecure = true;
}
if (OPTOUT(nsec3.flags)) {
result = dns_nsec3_delnsec3(db, version, name,
nsec3param, diff);
- goto failure;
+ goto cleanup;
}
goto addnsec3;
} else {
*/
if (OPTOUT(nsec3.flags) && unsecure) {
dns_rdataset_disassociate(&rdataset);
- goto failure;
+ goto cleanup;
}
}
/* result cannot be ISC_R_NOMORE here */
INSIST(result != ISC_R_NOMORE);
-failure:
+cleanup:
if (dbit != NULL) {
dns_dbiterator_destroy(&dbit);
}
nsecttl, unsecure, diff));
}
-failure:
+cleanup:
if (dns_rdataset_isassociated(&rdataset)) {
dns_rdataset_disassociate(&rdataset);
}
if (result == ISC_R_NOTFOUND) {
*flag = false;
result = ISC_R_SUCCESS;
- goto failure;
+ goto cleanup;
}
bool matched = false;
dns_rdataset_disassociate(&rdataset);
*flag = matched;
-failure:
+cleanup:
if (node != NULL) {
dns_db_detachnode(&node);
}
if (result == ISC_R_NOTFOUND) {
goto try_private;
}
- if (result != ISC_R_SUCCESS) {
- goto failure;
- }
+ CHECK(result);
DNS_RDATASET_FOREACH(&rdataset) {
dns_rdata_t rdata = DNS_RDATA_INIT;
try_private:
if (privatetype == 0) {
- goto success;
+ result = ISC_R_SUCCESS;
+ goto cleanup;
}
result = dns_db_findrdataset(db, node, ver, privatetype, 0,
(isc_stdtime_t)0, &rdataset, NULL);
if (result == ISC_R_NOTFOUND) {
- goto success;
- }
- if (result != ISC_R_SUCCESS) {
- goto failure;
+ result = ISC_R_SUCCESS;
+ goto cleanup;
}
+ CHECK(result);
DNS_RDATASET_FOREACH(&rdataset) {
dns_rdata_t rdata = DNS_RDATA_INIT;
}
}
-success:
result = ISC_R_SUCCESS;
-failure:
+cleanup:
if (dns_rdataset_isassociated(&rdataset)) {
dns_rdataset_disassociate(&rdataset);
}
result = dns_db_findrdataset(db, node, version, type, 0, 0, &prdataset,
NULL);
if (result != ISC_R_SUCCESS && result != ISC_R_NOTFOUND) {
- goto failure;
+ CHECK(result);
}
result = dns_db_findrdataset(db, node, version,
if (result == ISC_R_NOTFOUND) {
goto try_private;
}
- if (result != ISC_R_SUCCESS) {
- goto failure;
- }
+ CHECK(result);
/*
* Update each active NSEC3 chain.
try_private:
if (!dns_rdataset_isassociated(&prdataset)) {
- goto success;
+ result = ISC_R_SUCCESS;
+ goto cleanup;
}
+
/*
* Update each active NSEC3 chain.
*/
nsecttl, unsecure, diff));
}
-success:
result = ISC_R_SUCCESS;
-failure:
+
+cleanup:
if (dns_rdataset_isassociated(&rdataset)) {
dns_rdataset_disassociate(&rdataset);
}
if (result == ISC_R_NOTFOUND || result == DNS_R_PARTIALMATCH) {
goto cleanup_orphaned_ents;
}
- if (result != ISC_R_SUCCESS) {
- goto failure;
- }
+ CHECK(result);
CHECK(dns_dbiterator_current(dbit, &node, NULL));
CHECK(dns_dbiterator_pause(dbit));
if (result == ISC_R_NOTFOUND) {
goto cleanup_orphaned_ents;
}
- if (result != ISC_R_SUCCESS) {
- goto failure;
- }
+ CHECK(result);
/*
* If we find a existing NSEC3 for this chain then save the
}
dns_rdataset_disassociate(&rdataset);
if (result == ISC_R_NOTFOUND) {
- goto success;
+ result = ISC_R_SUCCESS;
+ goto cleanup;
}
/*
salt_length));
result = dns_dbiterator_seek(dbit, hashname);
if (result == ISC_R_NOTFOUND || result == DNS_R_PARTIALMATCH) {
- goto success;
- }
- if (result != ISC_R_SUCCESS) {
- goto failure;
+ result = ISC_R_SUCCESS;
+ goto cleanup;
}
+ CHECK(result);
CHECK(dns_dbiterator_current(dbit, &node, NULL));
CHECK(dns_dbiterator_pause(dbit));
(isc_stdtime_t)0, &rdataset, NULL);
dns_db_detachnode(&node);
if (result == ISC_R_NOTFOUND) {
- goto success;
- }
- if (result != ISC_R_SUCCESS) {
- goto failure;
+ result = ISC_R_SUCCESS;
+ goto cleanup;
}
+ CHECK(result);
result = find_nsec3(&nsec3, &rdataset, nsec3param);
if (result == ISC_R_SUCCESS) {
}
dns_rdataset_disassociate(&rdataset);
if (result == ISC_R_NOTFOUND) {
- goto success;
+ result = ISC_R_SUCCESS;
+ goto cleanup;
}
pass = 0;
CHECK(delnsec3(db, version, hashname, nsec3param, diff));
} while (1);
-success:
result = ISC_R_SUCCESS;
-failure:
+cleanup:
if (dbit != NULL) {
dns_dbiterator_destroy(&dbit);
}
if (result == ISC_R_NOTFOUND) {
goto try_private;
}
- if (result != ISC_R_SUCCESS) {
- goto failure;
- }
+ CHECK(result);
/*
* Update each active NSEC3 chain.
try_private:
if (privatetype == 0) {
- goto success;
+ result = ISC_R_SUCCESS;
+ goto cleanup;
}
result = dns_db_findrdataset(db, node, version, privatetype, 0, 0,
&rdataset, NULL);
if (result == ISC_R_NOTFOUND) {
- goto success;
- }
- if (result != ISC_R_SUCCESS) {
- goto failure;
+ result = ISC_R_SUCCESS;
+ goto cleanup;
}
+ CHECK(result);
/*
* Update each NSEC3 chain being built.
CHECK(dns_nsec3_delnsec3(db, version, name, &nsec3param, diff));
}
-success:
result = ISC_R_SUCCESS;
-failure:
+
+cleanup:
if (dns_rdataset_isassociated(&rdataset)) {
dns_rdataset_disassociate(&rdataset);
}
#include "openssl_shim.h"
-#define DST_RET(a) \
- { \
- ret = a; \
- goto err; \
+#define DST_RET(a) \
+ { \
+ result = a; \
+ goto cleanup; \
}
static isc_result_t
const char *pin, EVP_PKEY **ppub,
EVP_PKEY **ppriv) {
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
- isc_result_t ret = DST_R_OPENSSLFAILURE;
+ isc_result_t result = DST_R_OPENSSLFAILURE;
OSSL_STORE_CTX *ctx = NULL;
UNUSED(pin);
OSSL_STORE_INFO_free(info);
}
if (*ppriv != NULL && *ppub != NULL) {
- ret = ISC_R_SUCCESS;
+ result = ISC_R_SUCCESS;
}
-err:
+cleanup:
OSSL_STORE_close(ctx);
- return ret;
+ return result;
#else
UNUSED(key_base_id);
UNUSED(label);
#define MAX_PRIVKEY_SIZE (MAX_PUBKEY_SIZE / 2)
-#define DST_RET(a) \
- { \
- ret = a; \
- goto err; \
+#define DST_RET(a) \
+ { \
+ result = a; \
+ goto cleanup; \
}
#if OPENSSL_VERSION_NUMBER >= 0x30200000L
opensslecdsa_create_pkey_params(unsigned int key_alg, bool private,
const unsigned char *key, size_t key_len,
EVP_PKEY **pkey) {
- isc_result_t ret;
+ isc_result_t result;
int status;
int group_nid = opensslecdsa_key_alg_to_group_nid(key_alg);
const char *groupname = opensslecdsa_key_alg_to_group_name(key_alg);
DST_R_OPENSSLFAILURE));
}
- ret = ISC_R_SUCCESS;
+ result = ISC_R_SUCCESS;
-err:
+cleanup:
OSSL_PARAM_free(params);
OSSL_PARAM_BLD_free(bld);
EVP_PKEY_CTX_free(ctx);
EC_POINT_free(pubkey);
EC_GROUP_free(group);
- return ret;
+ return result;
}
static bool
opensslecdsa_create_pkey_legacy(unsigned int key_alg, bool private,
const unsigned char *key, size_t key_len,
EVP_PKEY **retkey) {
- isc_result_t ret = ISC_R_SUCCESS;
+ isc_result_t result = ISC_R_SUCCESS;
EC_KEY *eckey = NULL;
EVP_PKEY *pkey = NULL;
BIGNUM *privkey = NULL;
*retkey = pkey;
pkey = NULL;
-err:
+cleanup:
BN_clear_free(privkey);
EC_POINT_free(pubkey);
EC_KEY_free(eckey);
EVP_PKEY_free(pkey);
- return ret;
+ return result;
}
static bool
opensslecdsa_create_pkey(unsigned int key_alg, bool private,
const unsigned char *key, size_t key_len,
EVP_PKEY **retkey) {
- isc_result_t ret;
+ isc_result_t result;
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
- ret = opensslecdsa_create_pkey_params(key_alg, private, key, key_len,
- retkey);
- if (ret != ISC_R_FAILURE) {
- return ret;
+ result = opensslecdsa_create_pkey_params(key_alg, private, key, key_len,
+ retkey);
+ if (result != ISC_R_FAILURE) {
+ return result;
}
#else
- ret = opensslecdsa_create_pkey_legacy(key_alg, private, key, key_len,
- retkey);
- if (ret == ISC_R_SUCCESS) {
- return ret;
+ result = opensslecdsa_create_pkey_legacy(key_alg, private, key, key_len,
+ retkey);
+ if (result == ISC_R_SUCCESS) {
+ return result;
}
#endif
return DST_R_OPENSSLFAILURE;
opensslecdsa_generate_pkey_with_uri(int group_nid, const char *label,
EVP_PKEY **retkey) {
int status;
- isc_result_t ret;
+ isc_result_t result;
char *uri = UNCONST(label);
EVP_PKEY_CTX *ctx = NULL;
OSSL_PARAM params[3];
DST_R_OPENSSLFAILURE));
}
- ret = ISC_R_SUCCESS;
+ result = ISC_R_SUCCESS;
-err:
+cleanup:
EVP_PKEY_CTX_free(ctx);
- return ret;
+ return result;
}
static isc_result_t
opensslecdsa_generate_pkey(unsigned int key_alg, const char *label,
EVP_PKEY **retkey) {
- isc_result_t ret;
+ isc_result_t result;
EVP_PKEY_CTX *ctx = NULL;
EVP_PKEY *params_pkey = NULL;
int group_nid = opensslecdsa_key_alg_to_group_nid(key_alg);
DST_RET(dst__openssl_toresult2("EVP_PKEY_keygen",
DST_R_OPENSSLFAILURE));
}
- ret = ISC_R_SUCCESS;
+ result = ISC_R_SUCCESS;
-err:
+cleanup:
EVP_PKEY_free(params_pkey);
EVP_PKEY_CTX_free(ctx);
- return ret;
+ return result;
}
static isc_result_t
static isc_result_t
opensslecdsa_generate_pkey(unsigned int key_alg, const char *label,
EVP_PKEY **retkey) {
- isc_result_t ret;
+ isc_result_t result;
EC_KEY *eckey = NULL;
EVP_PKEY *pkey = NULL;
int group_nid;
}
*retkey = pkey;
pkey = NULL;
- ret = ISC_R_SUCCESS;
+ result = ISC_R_SUCCESS;
-err:
+cleanup:
EC_KEY_free(eckey);
EVP_PKEY_free(pkey);
- return ret;
+ return result;
}
static isc_result_t
static isc_result_t
opensslecdsa_createctx(dst_key_t *key, dst_context_t *dctx) {
- isc_result_t ret = ISC_R_SUCCESS;
+ isc_result_t result = ISC_R_SUCCESS;
EVP_MD_CTX *evp_md_ctx;
EVP_PKEY_CTX *pctx = NULL;
const EVP_MD *type = NULL;
#if OPENSSL_VERSION_NUMBER >= 0x30200000L
if (!isc_crypto_fips_mode()) {
- ret = opensslecdsa_set_deterministic(
- pctx, dctx->key->key_alg);
- if (ret != ISC_R_SUCCESS) {
- goto err;
- }
+ CHECK(opensslecdsa_set_deterministic(
+ pctx, dctx->key->key_alg));
}
#endif /* OPENSSL_VERSION_NUMBER >= 0x30200000L */
dctx->ctxdata.evp_md_ctx = evp_md_ctx;
-err:
- return ret;
+cleanup:
+ return result;
}
static void
static isc_result_t
opensslecdsa_adddata(dst_context_t *dctx, const isc_region_t *data) {
- isc_result_t ret = ISC_R_SUCCESS;
+ isc_result_t result = ISC_R_SUCCESS;
EVP_MD_CTX *evp_md_ctx = dctx->ctxdata.evp_md_ctx;
REQUIRE(opensslecdsa_valid_key_alg(dctx->key->key_alg));
}
}
-err:
- return ret;
+cleanup:
+ return result;
}
static isc_result_t
opensslecdsa_sign(dst_context_t *dctx, isc_buffer_t *sig) {
- isc_result_t ret;
+ isc_result_t result;
dst_key_t *key = dctx->key;
isc_region_t region;
EVP_MD_CTX *evp_md_ctx = dctx->ctxdata.evp_md_ctx;
isc_region_consume(®ion, siglen / 2);
ECDSA_SIG_free(ecdsasig);
isc_buffer_add(sig, siglen);
- ret = ISC_R_SUCCESS;
+ result = ISC_R_SUCCESS;
-err:
+cleanup:
if (sigder != NULL && sigder_alloced != 0) {
isc_mem_put(dctx->mctx, sigder, sigder_alloced);
}
- return ret;
+ return result;
}
static isc_result_t
opensslecdsa_verify(dst_context_t *dctx, const isc_region_t *sig) {
- isc_result_t ret;
+ isc_result_t result;
dst_key_t *key = dctx->key;
int status;
unsigned char *cp = sig->base;
switch (status) {
case 1:
- ret = ISC_R_SUCCESS;
+ result = ISC_R_SUCCESS;
break;
case 0:
- ret = dst__openssl_toresult(DST_R_VERIFYFAILURE);
+ result = dst__openssl_toresult(DST_R_VERIFYFAILURE);
break;
default:
- ret = dst__openssl_toresult3(dctx->category,
- "EVP_DigestVerifyFinal",
- DST_R_VERIFYFAILURE);
+ result = dst__openssl_toresult3(dctx->category,
+ "EVP_DigestVerifyFinal",
+ DST_R_VERIFYFAILURE);
break;
}
-err:
+cleanup:
if (ecdsasig != NULL) {
ECDSA_SIG_free(ecdsasig);
}
isc_mem_put(dctx->mctx, sigder, sigder_alloced);
}
- return ret;
+ return result;
}
static isc_result_t
static isc_result_t
opensslecdsa_todns(const dst_key_t *key, isc_buffer_t *data) {
- isc_result_t ret;
+ isc_result_t result;
isc_region_t r;
size_t keysize;
}
isc_buffer_add(data, keysize);
- ret = ISC_R_SUCCESS;
+ result = ISC_R_SUCCESS;
-err:
- return ret;
+cleanup:
+ return result;
}
static isc_result_t
opensslecdsa_fromdns(dst_key_t *key, isc_buffer_t *data) {
- isc_result_t ret;
+ isc_result_t result;
EVP_PKEY *pkey = NULL;
isc_region_t r;
size_t len;
DST_RET(DST_R_INVALIDPUBLICKEY);
}
- ret = opensslecdsa_create_pkey(key->key_alg, false, r.base, len, &pkey);
- if (ret != ISC_R_SUCCESS) {
- DST_RET(ret);
- }
+ CHECK(opensslecdsa_create_pkey(key->key_alg, false, r.base, len,
+ &pkey));
isc_buffer_forward(data, len);
key->key_size = EVP_PKEY_bits(pkey);
key->keydata.pkeypair.pub = pkey;
- ret = ISC_R_SUCCESS;
+ result = ISC_R_SUCCESS;
-err:
- return ret;
+cleanup:
+ return result;
}
static isc_result_t
opensslecdsa_tofile(const dst_key_t *key, const char *directory) {
- isc_result_t ret;
+ isc_result_t result;
dst_private_t priv;
unsigned char buf[MAX_PRIVKEY_SIZE];
size_t keylen = 0;
}
priv.nelements = i;
- ret = dst__privstruct_writefile(key, &priv, directory);
+ result = dst__privstruct_writefile(key, &priv, directory);
-err:
+cleanup:
isc_safe_memwipe(buf, keylen);
- return ret;
+ return result;
}
static isc_result_t
static isc_result_t
opensslecdsa_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
dst_private_t priv;
- isc_result_t ret;
+ isc_result_t result;
EVP_PKEY *pkey = NULL;
const char *label = NULL;
int i, privkey_index = -1;
REQUIRE(opensslecdsa_valid_key_alg(key->key_alg));
/* read private key file */
- ret = dst__privstruct_parse(key, DST_ALG_ECDSA256, lexer, key->mctx,
- &priv);
- if (ret != ISC_R_SUCCESS) {
- goto err;
- }
+ CHECK(dst__privstruct_parse(key, DST_ALG_ECDSA256, lexer, key->mctx,
+ &priv));
if (key->external) {
if (priv.nelements != 0 || pub == NULL) {
}
if (label != NULL) {
- ret = opensslecdsa_fromlabel(key, label, NULL);
- if (ret != ISC_R_SUCCESS) {
- goto err;
- }
+ CHECK(opensslecdsa_fromlabel(key, label, NULL));
/* Check that the public component matches if given */
if (pub != NULL && EVP_PKEY_eq(key->keydata.pkeypair.pub,
pub->keydata.pkeypair.pub) != 1)
DST_RET(dst__openssl_toresult(DST_R_INVALIDPRIVATEKEY));
}
- ret = opensslecdsa_create_pkey(
+ CHECK(opensslecdsa_create_pkey(
key->key_alg, true, priv.elements[privkey_index].data,
- priv.elements[privkey_index].length, &pkey);
- if (ret != ISC_R_SUCCESS) {
- goto err;
- }
+ priv.elements[privkey_index].length, &pkey));
/* Check that the public component matches if given */
if (pub != NULL && EVP_PKEY_eq(pkey, pub->keydata.pkeypair.pub) != 1) {
key->keydata.pkeypair.pub = pkey;
pkey = NULL;
-err:
+cleanup:
EVP_PKEY_free(pkey);
- if (ret != ISC_R_SUCCESS) {
+ if (result != ISC_R_SUCCESS) {
key->keydata.generic = NULL;
}
dst__privstruct_free(&priv, key->mctx);
isc_safe_memwipe(&priv, sizeof(priv));
- return ret;
+ return result;
}
static isc_result_t
opensslecdsa_fromlabel(dst_key_t *key, const char *label, const char *pin) {
EVP_PKEY *privpkey = NULL, *pubpkey = NULL;
- isc_result_t ret;
+ isc_result_t result;
REQUIRE(opensslecdsa_valid_key_alg(key->key_alg));
UNUSED(pin);
- ret = dst__openssl_fromlabel(EVP_PKEY_EC, label, pin, &pubpkey,
- &privpkey);
- if (ret != ISC_R_SUCCESS) {
- goto err;
- }
+ CHECK(dst__openssl_fromlabel(EVP_PKEY_EC, label, pin, &pubpkey,
+ &privpkey));
- ret = opensslecdsa_validate_pkey_group(key->key_alg, privpkey);
- if (ret != ISC_R_SUCCESS) {
- goto err;
- }
- ret = opensslecdsa_validate_pkey_group(key->key_alg, pubpkey);
- if (ret != ISC_R_SUCCESS) {
- goto err;
- }
+ CHECK(opensslecdsa_validate_pkey_group(key->key_alg, privpkey));
+ CHECK(opensslecdsa_validate_pkey_group(key->key_alg, pubpkey));
key->label = isc_mem_strdup(key->mctx, label);
key->key_size = EVP_PKEY_bits(privpkey);
privpkey = NULL;
pubpkey = NULL;
-err:
+cleanup:
EVP_PKEY_free(privpkey);
EVP_PKEY_free(pubpkey);
- return ret;
+ return result;
}
static dst_func_t opensslecdsa_functions = {
#include "dst_parse.h"
#include "openssl_shim.h"
-#define DST_RET(a) \
- { \
- ret = a; \
- goto err; \
+#define DST_RET(a) \
+ { \
+ result = a; \
+ goto cleanup; \
}
#ifndef NID_ED25519
static isc_result_t
raw_key_to_ossl(const eddsa_alginfo_t *alginfo, int private,
const unsigned char *key, size_t *key_len, EVP_PKEY **pkey) {
- isc_result_t ret;
+ isc_result_t result;
int pkey_type = alginfo->pkey_type;
size_t len = alginfo->key_size;
- ret = (private ? DST_R_INVALIDPRIVATEKEY : DST_R_INVALIDPUBLICKEY);
+ result = (private ? DST_R_INVALIDPRIVATEKEY : DST_R_INVALIDPUBLICKEY);
if (*key_len < len) {
- return ret;
+ return result;
}
if (private) {
*pkey = EVP_PKEY_new_raw_public_key(pkey_type, NULL, key, len);
}
if (*pkey == NULL) {
- return dst__openssl_toresult(ret);
+ return dst__openssl_toresult(result);
}
*key_len = len;
static isc_result_t
openssleddsa_sign(dst_context_t *dctx, isc_buffer_t *sig) {
- isc_result_t ret;
+ isc_result_t result;
dst_key_t *key = dctx->key;
isc_region_t tbsreg;
isc_region_t sigreg;
DST_R_SIGNFAILURE));
}
isc_buffer_add(sig, (unsigned int)siglen);
- ret = ISC_R_SUCCESS;
+ result = ISC_R_SUCCESS;
-err:
+cleanup:
EVP_MD_CTX_free(ctx);
isc_buffer_free(&buf);
dctx->ctxdata.generic = NULL;
- return ret;
+ return result;
}
static isc_result_t
openssleddsa_verify(dst_context_t *dctx, const isc_region_t *sig) {
- isc_result_t ret;
+ isc_result_t result;
dst_key_t *key = dctx->key;
int status;
isc_region_t tbsreg;
switch (status) {
case 1:
- ret = ISC_R_SUCCESS;
+ result = ISC_R_SUCCESS;
break;
case 0:
- ret = dst__openssl_toresult(DST_R_VERIFYFAILURE);
+ result = dst__openssl_toresult(DST_R_VERIFYFAILURE);
break;
default:
- ret = dst__openssl_toresult3(dctx->category, "EVP_DigestVerify",
- DST_R_VERIFYFAILURE);
+ result = dst__openssl_toresult3(dctx->category,
+ "EVP_DigestVerify",
+ DST_R_VERIFYFAILURE);
break;
}
-err:
+cleanup:
EVP_MD_CTX_free(ctx);
isc_buffer_free(&buf);
dctx->ctxdata.generic = NULL;
- return ret;
+ return result;
}
static isc_result_t
openssleddsa_generate(dst_key_t *key, int unused, void (*callback)(int)) {
- isc_result_t ret;
+ isc_result_t result;
EVP_PKEY *pkey = NULL;
EVP_PKEY_CTX *ctx = NULL;
const eddsa_alginfo_t *alginfo = openssleddsa_alg_info(key->key_alg);
key->key_size = alginfo->key_size * 8;
key->keydata.pkeypair.priv = pkey;
key->keydata.pkeypair.pub = pkey;
- ret = ISC_R_SUCCESS;
+ result = ISC_R_SUCCESS;
-err:
+cleanup:
EVP_PKEY_CTX_free(ctx);
- return ret;
+ return result;
}
static isc_result_t
static isc_result_t
openssleddsa_tofile(const dst_key_t *key, const char *directory) {
const eddsa_alginfo_t *alginfo = openssleddsa_alg_info(key->key_alg);
- isc_result_t ret;
+ isc_result_t result;
dst_private_t priv;
unsigned char *buf = NULL;
size_t len;
}
priv.nelements = i;
- ret = dst__privstruct_writefile(key, &priv, directory);
+ result = dst__privstruct_writefile(key, &priv, directory);
-err:
+cleanup:
if (buf != NULL) {
isc_mem_put(key->mctx, buf, len);
}
- return ret;
+ return result;
}
static isc_result_t
openssleddsa_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
const eddsa_alginfo_t *alginfo = openssleddsa_alg_info(key->key_alg);
dst_private_t priv;
- isc_result_t ret;
+ isc_result_t result;
int i, privkey_index = -1;
const char *label = NULL;
EVP_PKEY *pkey = NULL;
REQUIRE(alginfo != NULL);
/* read private key file */
- ret = dst__privstruct_parse(key, DST_ALG_ED25519, lexer, mctx, &priv);
- if (ret != ISC_R_SUCCESS) {
- goto err;
- }
+ CHECK(dst__privstruct_parse(key, DST_ALG_ED25519, lexer, mctx, &priv));
if (key->external) {
if (priv.nelements != 0) {
}
if (label != NULL) {
- ret = openssleddsa_fromlabel(key, label, NULL);
- if (ret != ISC_R_SUCCESS) {
- goto err;
- }
+ CHECK(openssleddsa_fromlabel(key, label, NULL));
/* Check that the public component matches if given */
if (pub != NULL && EVP_PKEY_eq(key->keydata.pkeypair.pub,
pub->keydata.pkeypair.pub) != 1)
}
len = priv.elements[privkey_index].length;
- ret = raw_key_to_ossl(alginfo, 1, priv.elements[privkey_index].data,
- &len, &pkey);
- if (ret != ISC_R_SUCCESS) {
- goto err;
- }
+ CHECK(raw_key_to_ossl(alginfo, 1, priv.elements[privkey_index].data,
+ &len, &pkey));
/* Check that the public component matches if given */
if (pub != NULL && EVP_PKEY_eq(pkey, pub->keydata.pkeypair.pub) != 1) {
DST_RET(DST_R_INVALIDPRIVATEKEY);
key->keydata.pkeypair.pub = pkey;
key->key_size = len * 8;
pkey = NULL;
- ret = ISC_R_SUCCESS;
+ result = ISC_R_SUCCESS;
-err:
+cleanup:
EVP_PKEY_free(pkey);
dst__privstruct_free(&priv, mctx);
isc_safe_memwipe(&priv, sizeof(priv));
- return ret;
+ return result;
}
static isc_result_t
openssleddsa_fromlabel(dst_key_t *key, const char *label, const char *pin) {
const eddsa_alginfo_t *alginfo = openssleddsa_alg_info(key->key_alg);
EVP_PKEY *privpkey = NULL, *pubpkey = NULL;
- isc_result_t ret;
+ isc_result_t result;
REQUIRE(alginfo != NULL);
UNUSED(pin);
- ret = dst__openssl_fromlabel(alginfo->pkey_type, label, pin, &pubpkey,
- &privpkey);
- if (ret != ISC_R_SUCCESS) {
- goto err;
- }
+ CHECK(dst__openssl_fromlabel(alginfo->pkey_type, label, pin, &pubpkey,
+ &privpkey));
key->label = isc_mem_strdup(key->mctx, label);
key->key_size = EVP_PKEY_bits(privpkey);
privpkey = NULL;
pubpkey = NULL;
-err:
+cleanup:
EVP_PKEY_free(privpkey);
EVP_PKEY_free(pubpkey);
- return ret;
+ return result;
}
static dst_func_t openssleddsa_functions = {
const unsigned char *key = NULL;
const unsigned char *sig = NULL;
const unsigned char test[] = "test";
- isc_result_t ret = ISC_R_SUCCESS;
+ isc_result_t result = ISC_R_SUCCESS;
size_t key_len, sig_len;
if (evp_md_ctx == NULL) {
}
INSIST(alginfo != NULL);
- ret = raw_key_to_ossl(alginfo, 0, key, &key_len, &pkey);
- if (ret != ISC_R_SUCCESS) {
- goto err;
- }
+ CHECK(raw_key_to_ossl(alginfo, 0, key, &key_len, &pkey));
/*
* Check that we can verify the signature.
DST_RET(ISC_R_NOTIMPLEMENTED);
}
-err:
+cleanup:
if (pkey != NULL) {
EVP_PKEY_free(pkey);
}
EVP_MD_CTX_destroy(evp_md_ctx);
}
ERR_clear_error();
- return ret;
+ return result;
}
void
#include "dst_parse.h"
#include "openssl_shim.h"
-#define DST_RET(a) \
- { \
- ret = a; \
- goto err; \
+#define DST_RET(a) \
+ { \
+ result = a; \
+ goto cleanup; \
}
#define OPENSSLRSA_MAX_MODULUS_BITS 4096
RSA *rsa = NULL;
EVP_PKEY *pkey = NULL;
BN_GENCB *cb = NULL;
- isc_result_t ret;
+ isc_result_t result;
UNUSED(label);
}
*retkey = pkey;
pkey = NULL;
- ret = ISC_R_SUCCESS;
+ result = ISC_R_SUCCESS;
-err:
+cleanup:
EVP_PKEY_free(pkey);
RSA_free(rsa);
BN_GENCB_free(cb);
- return ret;
+ return result;
}
static isc_result_t
opensslrsa_build_pkey(bool private, rsa_components_t *c, EVP_PKEY **retpkey) {
- isc_result_t ret;
+ isc_result_t result;
EVP_PKEY *pkey = NULL;
RSA *rsa = RSA_new();
int status;
*retpkey = pkey;
pkey = NULL;
- ret = ISC_R_SUCCESS;
+ result = ISC_R_SUCCESS;
-err:
+cleanup:
EVP_PKEY_free(pkey);
RSA_free(rsa);
opensslrsa_components_free(c);
- return ret;
+ return result;
}
#else
static int
EVP_PKEY_CTX *ctx = NULL;
OSSL_PARAM params[4];
char *uri = UNCONST(label);
- isc_result_t ret;
+ isc_result_t result;
int status;
params[0] = OSSL_PARAM_construct_utf8_string("pkcs11_uri", uri, 0);
DST_R_OPENSSLFAILURE));
}
- ret = ISC_R_SUCCESS;
-err:
+ result = ISC_R_SUCCESS;
+cleanup:
EVP_PKEY_CTX_free(ctx);
- return ret;
+ return result;
}
static isc_result_t
opensslrsa_generate_pkey(unsigned int key_size, const char *label, BIGNUM *e,
void (*callback)(int), EVP_PKEY **retkey) {
EVP_PKEY_CTX *ctx;
- isc_result_t ret;
+ isc_result_t result;
if (label != NULL) {
return opensslrsa_generate_pkey_with_uri(key_size, label,
DST_RET(dst__openssl_toresult2("EVP_PKEY_keygen",
DST_R_OPENSSLFAILURE));
}
- ret = ISC_R_SUCCESS;
-err:
+ result = ISC_R_SUCCESS;
+cleanup:
EVP_PKEY_CTX_free(ctx);
- return ret;
+ return result;
}
static isc_result_t
opensslrsa_build_pkey(bool private, rsa_components_t *c, EVP_PKEY **retpkey) {
- isc_result_t ret;
+ isc_result_t result;
int status;
OSSL_PARAM_BLD *bld = NULL;
OSSL_PARAM *params = NULL;
DST_RET(dst__openssl_toresult2("EVP_PKEY_fromdata",
DST_R_OPENSSLFAILURE));
}
- ret = ISC_R_SUCCESS;
+ result = ISC_R_SUCCESS;
-err:
+cleanup:
EVP_PKEY_CTX_free(ctx);
OSSL_PARAM_free(params);
OSSL_PARAM_BLD_free(bld);
- return ret;
+ return result;
}
#endif /* OPENSSL_VERSION_NUMBER < 0x30000000L */
static isc_result_t
opensslrsa_generate(dst_key_t *key, int unused, void (*callback)(int)) {
- isc_result_t ret;
+ isc_result_t result;
BIGNUM *e = BN_new();
EVP_PKEY *pkey = NULL;
BN_set_bit(e, 0);
BN_set_bit(e, 16);
- ret = opensslrsa_generate_pkey(key->key_size, key->label, e, callback,
- &pkey);
- if (ret != ISC_R_SUCCESS) {
- goto err;
- }
+ CHECK(opensslrsa_generate_pkey(key->key_size, key->label, e, callback,
+ &pkey));
key->keydata.pkeypair.pub = pkey;
key->keydata.pkeypair.priv = pkey;
pkey = NULL;
- ret = ISC_R_SUCCESS;
+ result = ISC_R_SUCCESS;
-err:
+cleanup:
EVP_PKEY_free(pkey);
BN_free(e);
- return ret;
+ return result;
}
static isc_result_t
isc_region_t r;
unsigned int e_bytes;
unsigned int mod_bytes;
- isc_result_t ret;
+ isc_result_t result;
rsa_components_t c = { 0 };
REQUIRE(key->keydata.pkeypair.pub != NULL);
break;
}
- ret = opensslrsa_components_get(key, &c, false);
- if (ret != ISC_R_SUCCESS) {
- goto err;
- }
+ CHECK(opensslrsa_components_get(key, &c, false));
mod_bytes = BN_num_bytes(c.n);
e_bytes = BN_num_bytes(c.e);
isc_buffer_add(data, e_bytes + mod_bytes);
- ret = ISC_R_SUCCESS;
-err:
+ result = ISC_R_SUCCESS;
+cleanup:
opensslrsa_components_free(&c);
- return ret;
+ return result;
}
static isc_result_t
opensslrsa_fromdns(dst_key_t *key, isc_buffer_t *data) {
- isc_result_t ret;
+ isc_result_t result;
isc_region_t r;
unsigned int e_bytes;
unsigned int length;
isc_buffer_forward(data, length);
key->key_size = BN_num_bits(c.n);
- ret = opensslrsa_build_pkey(false, &c, &key->keydata.pkeypair.pub);
+ result = opensslrsa_build_pkey(false, &c, &key->keydata.pkeypair.pub);
-err:
+cleanup:
opensslrsa_components_free(&c);
- return ret;
+ return result;
}
static isc_result_t
opensslrsa_tofile(const dst_key_t *key, const char *directory) {
- isc_result_t ret;
+ isc_result_t result;
dst_private_t priv = { 0 };
unsigned char *bufs[8] = { NULL };
unsigned short i = 0;
return dst__privstruct_writefile(key, &priv, directory);
}
- ret = opensslrsa_components_get(key, &c, true);
- if (ret != ISC_R_SUCCESS) {
- goto err;
- }
+ CHECK(opensslrsa_components_get(key, &c, true));
priv.elements[i].tag = TAG_RSA_MODULUS;
priv.elements[i].length = BN_num_bytes(c.n);
}
priv.nelements = i;
- ret = dst__privstruct_writefile(key, &priv, directory);
+ result = dst__privstruct_writefile(key, &priv, directory);
-err:
+cleanup:
for (i = 0; i < ARRAY_SIZE(bufs); i++) {
if (bufs[i] != NULL) {
isc_mem_put(key->mctx, bufs[i],
}
opensslrsa_components_free(&c);
- return ret;
+ return result;
}
static isc_result_t
static isc_result_t
opensslrsa_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
dst_private_t priv;
- isc_result_t ret;
+ isc_result_t result;
int i;
isc_mem_t *mctx = NULL;
const char *label = NULL;
mctx = key->mctx;
/* read private key file */
- ret = dst__privstruct_parse(key, DST_ALG_RSA, lexer, mctx, &priv);
- if (ret != ISC_R_SUCCESS) {
- goto err;
- }
+ CHECK(dst__privstruct_parse(key, DST_ALG_RSA, lexer, mctx, &priv));
if (key->external) {
if (priv.nelements != 0 || pub == NULL) {
* See if we can fetch it.
*/
if (label != NULL) {
- ret = opensslrsa_fromlabel(key, label, NULL);
- if (ret != ISC_R_SUCCESS) {
- DST_RET(ret);
- }
+ CHECK(opensslrsa_fromlabel(key, label, NULL));
/* Check that the public component matches if given */
if (pub != NULL && EVP_PKEY_eq(key->keydata.pkeypair.pub,
pub->keydata.pkeypair.pub) != 1)
}
key->key_size = BN_num_bits(c.n);
- ret = opensslrsa_build_pkey(true, &c, &pkey);
- if (ret != ISC_R_SUCCESS) {
- goto err;
- }
+ CHECK(opensslrsa_build_pkey(true, &c, &pkey));
/* Check that the public component matches if given */
if (pub != NULL && EVP_PKEY_eq(pkey, pub->keydata.pkeypair.pub) != 1) {
key->keydata.pkeypair.priv = pkey;
pkey = NULL;
-err:
+cleanup:
opensslrsa_components_free(&c);
EVP_PKEY_free(pkey);
- if (ret != ISC_R_SUCCESS) {
+ if (result != ISC_R_SUCCESS) {
key->keydata.generic = NULL;
}
dst__privstruct_free(&priv, mctx);
isc_safe_memwipe(&priv, sizeof(priv));
- return ret;
+ return result;
}
static isc_result_t
opensslrsa_fromlabel(dst_key_t *key, const char *label, const char *pin) {
EVP_PKEY *privpkey = NULL, *pubpkey = NULL;
- isc_result_t ret;
+ isc_result_t result;
- ret = dst__openssl_fromlabel(EVP_PKEY_RSA, label, pin, &pubpkey,
- &privpkey);
- if (ret != ISC_R_SUCCESS) {
- goto err;
- }
+ CHECK(dst__openssl_fromlabel(EVP_PKEY_RSA, label, pin, &pubpkey,
+ &privpkey));
if (!opensslrsa_check_exponent_bits(pubpkey, RSA_MAX_PUBEXP_BITS)) {
DST_RET(ISC_R_RANGE);
privpkey = NULL;
pubpkey = NULL;
-err:
+cleanup:
EVP_PKEY_free(privpkey);
EVP_PKEY_free(pubpkey);
- return ret;
+ return result;
}
static dst_func_t opensslrsa_functions = {
EVP_PKEY *pkey = NULL;
const EVP_MD *type = NULL;
const unsigned char *sig = NULL;
- isc_result_t ret = ISC_R_SUCCESS;
+ isc_result_t result = ISC_R_SUCCESS;
size_t len;
switch (algorithm) {
c.e = BN_bin2bn(e_bytes, sizeof(e_bytes) - 1, NULL);
c.n = BN_bin2bn(n_bytes, sizeof(n_bytes) - 1, NULL);
- ret = opensslrsa_build_pkey(false, &c, &pkey);
- INSIST(ret == ISC_R_SUCCESS);
+ result = opensslrsa_build_pkey(false, &c, &pkey);
+ INSIST(result == ISC_R_SUCCESS);
/*
* Check that we can verify the signature.
DST_RET(ISC_R_NOTIMPLEMENTED);
}
-err:
+cleanup:
opensslrsa_components_free(&c);
EVP_PKEY_free(pkey);
EVP_MD_CTX_destroy(evp_md_ctx);
ERR_clear_error();
- return ret;
+ return result;
}
void
#define INITIAL(x) (((x) & DNS_NSEC3FLAG_INITIAL) != 0)
#define NONSEC(x) (((x) & DNS_NSEC3FLAG_NONSEC) != 0)
-#define CHECK(x) \
- do { \
- result = (x); \
- if (result != ISC_R_SUCCESS) \
- goto failure; \
- } while (0)
-
/*
* Work out if 'param' should be ignored or not (i.e. it is in the process
* of being removed).
result = dns_db_findrdataset(db, node, ver, dns_rdatatype_nsec, 0,
(isc_stdtime_t)0, &nsecset, NULL);
- if (result != ISC_R_SUCCESS && result != ISC_R_NOTFOUND) {
- goto failure;
+ if (result != ISC_R_NOTFOUND) {
+ CHECK(result);
}
result = dns_db_findrdataset(db, node, ver, dns_rdatatype_nsec3param, 0,
(isc_stdtime_t)0, &nsec3paramset, NULL);
- if (result != ISC_R_SUCCESS && result != ISC_R_NOTFOUND) {
- goto failure;
+ if (result != ISC_R_NOTFOUND) {
+ CHECK(result);
}
if (dns_rdataset_isassociated(&nsecset) &&
result = dns_db_findrdataset(db, node, ver, privatetype, 0,
(isc_stdtime_t)0, &privateset,
NULL);
- if (result != ISC_R_SUCCESS && result != ISC_R_NOTFOUND) {
- goto failure;
+ if (result != ISC_R_NOTFOUND) {
+ CHECK(result);
}
}
success:
result = ISC_R_SUCCESS;
-failure:
+cleanup:
if (dns_rdataset_isassociated(&nsecset)) {
dns_rdataset_disassociate(&nsecset);
}
isc_buffer_putuint8(buf, 0);
result = ISC_R_SUCCESS;
-failure:
+cleanup:
return result;
}
#define DNS_QPCACHE_LOG_STATS_LEVEL 3
#endif
-#define CHECK(op) \
- do { \
- result = (op); \
- if (result != ISC_R_SUCCESS) \
- goto failure; \
- } while (0)
-
#define STALE_TTL(header, qpdb) \
(NXDOMAIN(header) ? 0 : qpdb->common.serve_stale_ttl)
DNS_SLABHEADER_SETATTR(newheader, DNS_SLABHEADERATTR_OPTOUT);
}
if (rdataset->attributes.noqname) {
- result = addnoqname(qpnode->mctx, newheader, qpdb->maxrrperset,
- rdataset);
- if (result != ISC_R_SUCCESS) {
- return result;
- }
+ RETERR(addnoqname(qpnode->mctx, newheader, qpdb->maxrrperset,
+ rdataset));
}
if (rdataset->attributes.closest) {
- result = addclosest(qpnode->mctx, newheader, qpdb->maxrrperset,
- rdataset);
- if (result != ISC_R_SUCCESS) {
- return result;
- }
+ RETERR(addclosest(qpnode->mctx, newheader, qpdb->maxrrperset,
+ rdataset));
}
nlock = &qpdb->buckets[qpnode->locknum].lock;
#include "qpzone_p.h"
#include "rdataslab_p.h"
-#define CHECK(op) \
- { \
- result = (op); \
- if (result != ISC_R_SUCCESS) { \
- goto failure; \
- } \
- }
-
#define HEADERNODE(h) ((qpznode_t *)((h)->node))
#define QPDB_ATTR_LOADED 0x01
#include <dst/dst.h>
-#define RETERR(x) \
- do { \
- isc_result_t _r = (x); \
- if (_r != ISC_R_SUCCESS) \
- return ((_r)); \
- } while (0)
-
#define NUMBERSIZE sizeof("037777777777") /* 2^32-1 octal + NUL */
#define TOTEXTONLY 0x01
#include <dns/time.h>
#include <dns/ttl.h>
-#define RETERR(x) \
- do { \
- isc_result_t _r = (x); \
- if (_r != ISC_R_SUCCESS) \
- return ((_r)); \
- } while (0)
-
#define RETTOK(x) \
do { \
isc_result_t _r = (x); \
} \
} while (0)
-#define CHECK(op) \
- do { \
- result = (op); \
- if (result != ISC_R_SUCCESS) \
- goto cleanup; \
- } while (0)
-
#define CHECKTOK(op) \
do { \
result = (op); \
for (size_t i = start; i < count; i++) {
dns_rdata_t rdata = DNS_RDATA_INIT;
- result = towire_addtypeclass(rdataset, name, cctx, target,
- rrbuffer, sizeof(dns_ttl_t) + 2);
- if (result != ISC_R_SUCCESS) {
- goto cleanup;
- }
+ CHECK(towire_addtypeclass(rdataset, name, cctx, target,
+ rrbuffer, sizeof(dns_ttl_t) + 2));
towire_addttl(rdataset, target, &rdlen);
dns_rdataset_current(rdataset, &rdata);
- result = towire_addrdata(&rdata, cctx, target, &rdlen);
- if (result != ISC_R_SUCCESS) {
- goto cleanup;
- }
+ CHECK(towire_addrdata(&rdata, cctx, target, &rdlen));
added++;
result = dns_rdataset_next(rdataset);
}
for (size_t i = 0; i < start; i++) {
- result = towire_addtypeclass(rdataset, name, cctx, target,
- rrbuffer, sizeof(dns_ttl_t) + 2);
- if (result != ISC_R_SUCCESS) {
- goto cleanup;
- }
+ CHECK(towire_addtypeclass(rdataset, name, cctx, target,
+ rrbuffer, sizeof(dns_ttl_t) + 2));
towire_addttl(rdataset, target, &rdlen);
- result = towire_addrdata(&rdatas[i], cctx, target, &rdlen);
- if (result != ISC_R_SUCCESS) {
- goto cleanup;
- }
+ CHECK(towire_addrdata(&rdatas[i], cctx, target, &rdlen));
added++;
}
#define RESCONFMAXLINELEN 256U /*%< max size of a line */
#define RESCONFMAXSORTLIST 10U /*%< max 10 */
-#define CHECK(op) \
- do { \
- result = (op); \
- if (result != ISC_R_SUCCESS) \
- goto cleanup; \
- } while (0)
-
/*!
* configuration data structure
*/
rctx_cache_secure(respctx_t *rctx, dns_message_t *message, dns_name_t *name,
dns_dbnode_t *node, dns_rdataset_t *rdataset,
dns_rdataset_t *sigrdataset, bool need_validation) {
- isc_result_t result;
fetchctx_t *fctx = rctx->fctx;
resquery_t *query = rctx->query;
dns_rdataset_t *ardataset = NULL, *asigset = NULL;
* in-between.
*/
- result = cache_rrset(fctx, rctx->now, name, rdataset,
- sigrdataset, &node, ardataset, asigset,
- need_validation);
- if (result != ISC_R_SUCCESS) {
- return result;
- }
+ RETERR(cache_rrset(fctx, rctx->now, name, rdataset, sigrdataset,
+ &node, ardataset, asigset, need_validation));
}
return ISC_R_SUCCESS;
/*
* Cache the negative entry.
*/
- result = dns_db_findnode(fctx->cache, name, true, &node);
- if (result != ISC_R_SUCCESS) {
- return result;
- }
+ RETERR(dns_db_findnode(fctx->cache, name, true, &node));
result = dns_ncache_add(message, cache, node, covers, now, minttl,
maxttl, optout, secure, added);
#include <dns/time.h>
#include <dns/ttl.h>
-#define CHECK(op) \
- do { \
- result = (op); \
- if (result != ISC_R_SUCCESS) \
- goto failure; \
- } while (0)
-
#define READLINE(lex, opt, token)
-#define NEXTTOKEN(lex, opt, token) \
- { \
- ret = isc_lex_gettoken(lex, opt, token); \
- if (ret != ISC_R_SUCCESS) \
- goto cleanup; \
- }
+#define NEXTTOKEN(lex, opt, token) CHECK(isc_lex_gettoken(lex, opt, token))
-#define BADTOKEN() \
- { \
- ret = ISC_R_UNEXPECTEDTOKEN; \
- goto cleanup; \
- }
+#define BADTOKEN() CHECK(ISC_R_UNEXPECTEDTOKEN)
#define TOKENSIZ (8 * 1024)
#define STR(t) ((t).value.as_textregion.base)
isc_buffer_t b;
isc_token_t token;
unsigned int opt = ISC_LEXOPT_EOL;
- isc_result_t ret = ISC_R_SUCCESS;
+ isc_result_t result = ISC_R_SUCCESS;
isc_lex_setcomments(lex, ISC_LEXCOMMENT_DNSMASTERFILE);
dname = dns_fixedname_initname(&dfname);
isc_buffer_init(&b, owner, strlen(owner));
isc_buffer_add(&b, strlen(owner));
- ret = dns_name_fromtext(dname, &b, dns_rootname, 0);
- if (ret != ISC_R_SUCCESS) {
- goto cleanup;
- }
+ CHECK(dns_name_fromtext(dname, &b, dns_rootname, 0));
if (dns_name_compare(dname, origin) != 0) {
- ret = DNS_R_BADOWNERNAME;
- goto cleanup;
+ CHECK(DNS_R_BADOWNERNAME);
}
isc_buffer_clear(&b);
}
/* If it's a TTL, read the next one */
- ret = dns_ttl_fromtext(&token.value.as_textregion, ttl);
- if (ret == ISC_R_SUCCESS) {
+ result = dns_ttl_fromtext(&token.value.as_textregion, ttl);
+ if (result == ISC_R_SUCCESS) {
NEXTTOKEN(lex, opt, &token);
}
if (token.type != isc_tokentype_string) {
}
/* If it's a class, read the next one */
- ret = dns_rdataclass_fromtext(&clas, &token.value.as_textregion);
- if (ret == ISC_R_SUCCESS) {
+ result = dns_rdataclass_fromtext(&clas, &token.value.as_textregion);
+ if (result == ISC_R_SUCCESS) {
if (clas != rdclass) {
BADTOKEN();
}
}
/* Must be the record type */
- ret = dns_rdatatype_fromtext(rdtype, &token.value.as_textregion);
- if (ret != ISC_R_SUCCESS) {
+ result = dns_rdatatype_fromtext(rdtype, &token.value.as_textregion);
+ if (result != ISC_R_SUCCESS) {
BADTOKEN();
}
switch (*rdtype) {
}
dns_rdatacallbacks_init(&callbacks);
- ret = dns_rdata_fromtext(*rdata, rdclass, *rdtype, lex, dname, 0, mctx,
- buf, &callbacks);
+ result = dns_rdata_fromtext(*rdata, rdclass, *rdtype, lex, dname, 0,
+ mctx, buf, &callbacks);
cleanup:
isc_lex_setcomments(lex, 0);
- return ret;
+ return result;
}
static void
filename, isc_lex_getsourceline(lex),
isc_result_totext(result));
isc_mem_put(mctx, rdata, sizeof(*rdata));
- goto failure;
+ goto cleanup;
}
/* Create new diff tuple */
addbundle(*skrp, &bundle);
}
-failure:
+cleanup:
if (result != ISC_R_SUCCESS) {
isc_log_write(DNS_LOGCATEGORY_GENERAL, DNS_LOGMODULE_ZONE,
ISC_LOG_DEBUG(1),
#define TEMP_BUFFER_SZ 8192
#define TKEY_RANDOM_AMOUNT 16
-#define RETERR(x) \
- do { \
- result = (x); \
- if (result != ISC_R_SUCCESS) \
- goto failure; \
- } while (0)
-
static void
tkey_log(const char *fmt, ...) ISC_FORMAT_PRINTF(1, 2);
return ISC_R_SUCCESS;
}
if (result != DNS_R_CONTINUE && result != ISC_R_SUCCESS) {
- goto failure;
+ CHECK(result);
}
/*
#endif /* HAVE_GSSAPI */
uint32_t expire;
- RETERR(dst_key_fromgssapi(name, gss_ctx, ring->mctx, &dstkey,
- &intoken));
+ CHECK(dst_key_fromgssapi(name, gss_ctx, ring->mctx, &dstkey,
+ &intoken));
/*
* Limit keys to 1 hour or the context's lifetime whichever
* is smaller.
expire = now + lifetime;
}
#endif /* HAVE_GSSAPI */
- RETERR(dns_tsigkey_createfromkey(
+ CHECK(dns_tsigkey_createfromkey(
name, dns__tsig_algfromname(&tkeyin->algorithm), dstkey,
true, false, principal, now, expire, ring->mctx,
&tsigkey));
- RETERR(dns_tsigkeyring_add(ring, tsigkey));
+ CHECK(dns_tsigkeyring_add(ring, tsigkey));
dst_key_free(&dstkey);
tkeyout->inception = now;
tkeyout->expire = expire;
return ISC_R_SUCCESS;
-failure:
+cleanup:
if (tsigkey != NULL) {
dns_tsigkey_detach(&tsigkey);
}
result = dns_message_findname(msg, DNS_SECTION_ADDITIONAL, qname,
dns_rdatatype_tkey, 0, NULL, &tkeyset);
if (result != ISC_R_SUCCESS) {
- result = DNS_R_FORMERR;
tkey_log("dns_tkey_processquery: couldn't find a TKEY "
"matching the question");
- goto failure;
+ CHECK(DNS_R_FORMERR);
}
result = dns_rdataset_first(tkeyset);
if (result != ISC_R_SUCCESS) {
- result = DNS_R_FORMERR;
- goto failure;
+ CHECK(DNS_R_FORMERR);
}
dns_rdataset_current(tkeyset, &rdata);
- RETERR(dns_rdata_tostruct(&rdata, &tkeyin, NULL));
+ CHECK(dns_rdata_tostruct(&rdata, &tkeyin, NULL));
if (tkeyin.error != dns_rcode_noerror) {
- result = DNS_R_FORMERR;
- goto failure;
+ CHECK(DNS_R_FORMERR);
}
/*
{
tkey_log("dns_tkey_processquery: query was not "
"properly signed - rejecting");
- result = DNS_R_FORMERR;
- goto failure;
+ CHECK(DNS_R_FORMERR);
}
tkeyout = (dns_rdata_tkey_t){
/*
* A delete operation uses the fully specified qname.
*/
- RETERR(process_deletetkey(signer, qname, &tkeyin, &tkeyout,
- ring));
+ CHECK(process_deletetkey(signer, qname, &tkeyin, &tkeyout,
+ ring));
break;
case DNS_TKEYMODE_GSSAPI:
keyname = dns_fixedname_initname(&fkeyname);
isc_nonce_buf(randomdata, sizeof(randomdata));
isc_buffer_init(&b, randomtext, sizeof(randomtext));
- RETERR(isc_hex_totext(&r, 2, "", &b));
- RETERR(dns_name_fromtext(keyname, &b, NULL, 0));
+ CHECK(isc_hex_totext(&r, 2, "", &b));
+ CHECK(dns_name_fromtext(keyname, &b, NULL, 0));
}
- RETERR(dns_name_concatenate(keyname, dns_rootname, keyname));
+ CHECK(dns_name_concatenate(keyname, dns_rootname, keyname));
result = dns_tsigkey_find(&tsigkey, keyname, NULL, ring);
if (result == ISC_R_SUCCESS) {
dns_tsigkey_detach(&tsigkey);
break;
} else if (result == ISC_R_NOTFOUND) {
- RETERR(process_gsstkey(msg, keyname, &tkeyin, tctx,
- &tkeyout, ring));
+ CHECK(process_gsstkey(msg, keyname, &tkeyin, tctx,
+ &tkeyout, ring));
break;
}
- goto failure;
+ goto cleanup;
case DNS_TKEYMODE_SERVERASSIGNED:
case DNS_TKEYMODE_RESOLVERASSIGNED:
result = DNS_R_NOTIMP;
- goto failure;
+ goto cleanup;
default:
tkeyout.error = dns_tsigerror_badmode;
}
if (tkeyout.key != NULL) {
isc_mem_put(tkeyout.mctx, tkeyout.key, tkeyout.keylen);
}
- RETERR(result);
+ CHECK(result);
- RETERR(dns_message_reply(msg, true));
+ CHECK(dns_message_reply(msg, true));
add_rdata_to_list(msg, keyname, &rdata, 0, &namelist);
ISC_LIST_FOREACH(namelist, name, link) {
}
return ISC_R_SUCCESS;
-failure:
+cleanup:
free_namelist(msg, &namelist);
return result;
}
return dns_result_fromrcode(rmsg->rcode);
}
- RETERR(find_tkey(rmsg, &tkeyname, &rtkeyrdata, DNS_SECTION_ANSWER));
- RETERR(dns_rdata_tostruct(&rtkeyrdata, &rtkey, NULL));
+ CHECK(find_tkey(rmsg, &tkeyname, &rtkeyrdata, DNS_SECTION_ANSWER));
+ CHECK(dns_rdata_tostruct(&rtkeyrdata, &rtkey, NULL));
- RETERR(find_tkey(qmsg, &tkeyname, &qtkeyrdata, DNS_SECTION_ADDITIONAL));
- RETERR(dns_rdata_tostruct(&qtkeyrdata, &qtkey, NULL));
+ CHECK(find_tkey(qmsg, &tkeyname, &qtkeyrdata, DNS_SECTION_ADDITIONAL));
+ CHECK(dns_rdata_tostruct(&qtkeyrdata, &qtkey, NULL));
if (rtkey.error != dns_rcode_noerror ||
rtkey.mode != DNS_TKEYMODE_GSSAPI ||
{
tkey_log("dns_tkey_gssnegotiate: tkey mode invalid "
"or error set(4)");
- result = DNS_R_INVALIDTKEY;
- goto failure;
+ CHECK(DNS_R_INVALIDTKEY);
}
isc_buffer_init(&intoken, rtkey.key, rtkey.keylen);
dns_name_clone(DNS_TSIG_GSSAPI_NAME, &tkey.algorithm);
dns_message_reset(qmsg, DNS_MESSAGE_INTENTRENDER);
- RETERR(buildquery(qmsg, tkeyname, &tkey));
+ CHECK(buildquery(qmsg, tkeyname, &tkey));
return DNS_R_CONTINUE;
}
- RETERR(dst_key_fromgssapi(dns_rootname, *context, rmsg->mctx, &dstkey,
- NULL));
+ CHECK(dst_key_fromgssapi(dns_rootname, *context, rmsg->mctx, &dstkey,
+ NULL));
/*
* XXXSRA This seems confused. If we got CONTINUE from initctx,
* the GSS negotiation hasn't completed yet, so we can't sign
* anything yet.
*/
- RETERR(dns_tsigkey_createfromkey(tkeyname, DST_ALG_GSSAPI, dstkey, true,
- false, NULL, rtkey.inception,
- rtkey.expire, ring->mctx, &tsigkey));
- RETERR(dns_tsigkeyring_add(ring, tsigkey));
+ CHECK(dns_tsigkey_createfromkey(tkeyname, DST_ALG_GSSAPI, dstkey, true,
+ false, NULL, rtkey.inception,
+ rtkey.expire, ring->mctx, &tsigkey));
+ CHECK(dns_tsigkeyring_add(ring, tsigkey));
if (outkey == NULL) {
dns_tsigkey_detach(&tsigkey);
} else {
dst_key_free(&dstkey);
return result;
-failure:
+cleanup:
if (tsigkey != NULL) {
dns_tsigkey_detach(&tsigkey);
}
#include <dns/ttl.h>
-#define RETERR(x) \
- do { \
- isc_result_t _r = (x); \
- if (_r != ISC_R_SUCCESS) \
- return ((_r)); \
- } while (0)
-
static isc_result_t
bind_ttl(isc_textregion_t *source, uint32_t *ttl);
*/
#define LOGLEVEL_DEBUG ISC_LOG_DEBUG(8)
-/*%
- * Check an operation for failure. These macros all assume that
- * the function using them has a 'result' variable and a 'failure'
- * label.
- */
-#define CHECK(op) \
- do { \
- result = (op); \
- if (result != ISC_R_SUCCESS) \
- goto failure; \
- } while (0)
-
-/*%
- * Fail unconditionally with result 'code', which must not
- * be ISC_R_SUCCESS. The reason for failure presumably has
- * been logged already.
- *
- * The test against ISC_R_SUCCESS is there to keep the Solaris compiler
- * from complaining about "end-of-loop code not reached".
- */
-
-#define FAIL(code) \
- do { \
- result = (code); \
- if (result != ISC_R_SUCCESS) \
- goto failure; \
- } while (0)
-
-/*%
- * Fail unconditionally and log as a client error.
- * The test against ISC_R_SUCCESS is there to keep the Solaris compiler
- * from complaining about "end-of-loop code not reached".
- */
-#define FAILC(code, msg) \
- do { \
- const char *_what = "failed"; \
- result = (code); \
- switch (result) { \
- case DNS_R_NXDOMAIN: \
- case DNS_R_YXDOMAIN: \
- case DNS_R_YXRRSET: \
- case DNS_R_NXRRSET: \
- _what = "unsuccessful"; \
- } \
- update_log(log, zone, LOGLEVEL_PROTOCOL, "update %s: %s (%s)", \
- _what, msg, isc_result_totext(result)); \
- if (result != ISC_R_SUCCESS) \
- goto failure; \
- } while (0)
-
-#define FAILN(code, name, msg) \
- do { \
- const char *_what = "failed"; \
- result = (code); \
- switch (result) { \
- case DNS_R_NXDOMAIN: \
- case DNS_R_YXDOMAIN: \
- case DNS_R_YXRRSET: \
- case DNS_R_NXRRSET: \
- _what = "unsuccessful"; \
- } \
- if (isc_log_wouldlog(LOGLEVEL_PROTOCOL)) { \
- char _nbuf[DNS_NAME_FORMATSIZE]; \
- dns_name_format(name, _nbuf, sizeof(_nbuf)); \
- update_log(log, zone, LOGLEVEL_PROTOCOL, \
- "update %s: %s: %s (%s)", _what, _nbuf, \
- msg, isc_result_totext(result)); \
- } \
- if (result != ISC_R_SUCCESS) \
- goto failure; \
- } while (0)
-
-#define FAILNT(code, name, type, msg) \
- do { \
- const char *_what = "failed"; \
- result = (code); \
- switch (result) { \
- case DNS_R_NXDOMAIN: \
- case DNS_R_YXDOMAIN: \
- case DNS_R_YXRRSET: \
- case DNS_R_NXRRSET: \
- _what = "unsuccessful"; \
- } \
- if (isc_log_wouldlog(LOGLEVEL_PROTOCOL)) { \
- char _nbuf[DNS_NAME_FORMATSIZE]; \
- char _tbuf[DNS_RDATATYPE_FORMATSIZE]; \
- dns_name_format(name, _nbuf, sizeof(_nbuf)); \
- dns_rdatatype_format(type, _tbuf, sizeof(_tbuf)); \
- update_log(log, zone, LOGLEVEL_PROTOCOL, \
- "update %s: %s/%s: %s (%s)", _what, _nbuf, \
- _tbuf, msg, isc_result_totext(result)); \
- } \
- if (result != ISC_R_SUCCESS) \
- goto failure; \
- } while (0)
-
-/*%
- * Fail unconditionally and log as a server error.
- * The test against ISC_R_SUCCESS is there to keep the Solaris compiler
- * from complaining about "end-of-loop code not reached".
- */
-#define FAILS(code, msg) \
- do { \
- result = (code); \
- update_log(log, zone, LOGLEVEL_PROTOCOL, "error: %s: %s", msg, \
- isc_result_totext(result)); \
- if (result != ISC_R_SUCCESS) \
- goto failure; \
- } while (0)
-
/**************************************************************************/
typedef struct rr rr_t;
if (result == ISC_R_NOMORE) {
result = ISC_R_SUCCESS;
}
-failure:
+cleanup:
if (dbit != NULL) {
dns_dbiterator_destroy(&dbit);
}
dns_difftuple_free(&p);
}
}
-failure:
+cleanup:
return result;
}
if (wraps == 2) {
update_log(log, zone, ISC_LOG_ERROR,
"secure zone with no NSECs");
- result = DNS_R_BADZONE;
- goto failure;
+ CHECK(DNS_R_BADZONE);
}
}
CHECK(dns_dbiterator_current(dbit, &node, newname));
}
}
} while (!has_nsec);
-failure:
+cleanup:
if (dbit != NULL) {
dns_dbiterator_destroy(&dbit);
}
CHECK(do_one_tuple(&tuple, db, ver, diff));
INSIST(tuple == NULL);
-failure:
+cleanup:
if (node != NULL) {
dns_db_detachnode(&node);
}
dns_difftuple_create(diff->mctx, DNS_DIFFOP_ADD, name, 0, &rdata,
&tuple);
CHECK(do_one_tuple(&tuple, db, ver, diff));
-failure:
+cleanup:
return result;
}
result = ISC_R_NOTFOUND;
}
-failure:
+cleanup:
if (dns_rdataset_isassociated(&rdataset)) {
dns_rdataset_disassociate(&rdataset);
}
if (result == ISC_R_NOTFOUND) {
return ISC_R_SUCCESS;
}
- if (result != ISC_R_SUCCESS) {
- goto failure;
- }
+ CHECK(result);
+
result = dns_db_findrdataset(db, node, ver, dns_rdatatype_rrsig,
dns_rdatatype_dnskey, (isc_stdtime_t)0,
&rdataset, NULL);
if (result == ISC_R_NOTFOUND) {
return ISC_R_SUCCESS;
}
- if (result != ISC_R_SUCCESS) {
- goto failure;
- }
+ CHECK(result);
DNS_RDATASET_FOREACH(&rdataset) {
dns_rdata_t rdata = DNS_RDATA_INIT;
}
dns_rdataset_disassociate(&rdataset);
-failure:
+cleanup:
if (node != NULL) {
dns_db_detachnode(&node);
}
update_log(log, zone, ISC_LOG_ERROR,
"could not get zone keys for secure "
"dynamic update");
- goto failure;
+ goto cleanup;
}
state->now = isc_stdtime_now();
if (!state->build_nsec3) {
update_log(log, zone, ISC_LOG_DEBUG(3),
"no NSEC3 chains to rebuild");
- goto failure;
+ goto cleanup;
}
update_log(log, zone, ISC_LOG_DEBUG(3),
UNREACHABLE();
}
-failure:
+cleanup:
if (node != NULL) {
dns_db_detachnode(&node);
}
#include <dns/zone.h>
#include <dns/zt.h>
-#define CHECK(op) \
- do { \
- result = (op); \
- if (result != ISC_R_SUCCESS) \
- goto cleanup; \
- } while (0)
-
#define DNS_VIEW_DELONLYHASH 111
/*%
* Incoming AXFR and IXFR.
*/
-#define CHECK(op) \
- { \
- result = (op); \
- if (result != ISC_R_SUCCESS) { \
- goto failure; \
- } \
- }
-
/*%
* The states of the *XFR state machine. We handle both IXFR and AXFR
* with a single integrated state machine because they cannot be
dns_rdatacallbacks_init(&xfr->axfr);
CHECK(dns_db_beginload(xfr->db, &xfr->axfr));
result = ISC_R_SUCCESS;
-failure:
+cleanup:
return result;
}
dns_diff_append(&xfr->diff, &tuple);
result = ISC_R_SUCCESS;
-failure:
+cleanup:
return result;
}
uint64_t records;
if (atomic_load(&xfr->shuttingdown)) {
- result = ISC_R_SHUTTINGDOWN;
- goto failure;
+ CHECK(ISC_R_SHUTTINGDOWN);
}
CHECK(dns_diff_load(&xfr->diff, &xfr->axfr));
if (xfr->maxrecords != 0U) {
result = dns_db_getsize(xfr->db, xfr->ver, &records, NULL);
if (result == ISC_R_SUCCESS && records > xfr->maxrecords) {
- result = DNS_R_TOOMANYRECORDS;
- goto failure;
+ CHECK(DNS_R_TOOMANYRECORDS);
}
}
-failure:
+cleanup:
dns_diff_clear(&xfr->diff);
work->result = result;
}
(void)dns_db_endload(xfr->db, &xfr->axfr);
}
-failure:
+cleanup:
xfr->diff_running = false;
isc_mem_put(xfr->mctx, work, sizeof(*work));
}
result = ISC_R_SUCCESS;
-failure:
+cleanup:
return result;
}
dns_diff_append(&xfr->diff, &tuple);
xfr->ixfr.diffs++;
-failure:
+cleanup:
return result;
}
if (xfr->ixfr.journal != NULL) {
CHECK(dns_journal_begin_transaction(xfr->ixfr.journal));
}
-failure:
+cleanup:
return result;
}
if (xfr->ixfr.journal != NULL) {
CHECK(dns_journal_commit(xfr->ixfr.journal));
}
-failure:
+cleanup:
return result;
}
if (xfr->maxrecords != 0U) {
result = dns_db_getsize(xfr->db, xfr->ver, &records, NULL);
if (result == ISC_R_SUCCESS && records > xfr->maxrecords) {
- result = DNS_R_TOOMANYRECORDS;
- goto failure;
+ CHECK(DNS_R_TOOMANYRECORDS);
}
}
if (xfr->ixfr.journal != NULL) {
result = ixfr_end_transaction(xfr);
return result;
-failure:
+cleanup:
/* We need to end the transaction, but keep the previous error */
(void)ixfr_end_transaction(xfr);
result = ISC_R_SHUTTINGDOWN;
}
- if (result != ISC_R_SUCCESS) {
- goto failure;
- }
+ CHECK(result);
/* Reschedule */
if (!cds_wfcq_empty(&xfr->diff_head, &xfr->diff_tail)) {
return;
}
-failure:
+cleanup:
xfr->diff_running = false;
isc_mem_put(xfr->mctx, work, sizeof(*work));
isc_work_enqueue(xfr->loop, ixfr_apply, ixfr_apply_done, work);
}
-failure:
+cleanup:
return result;
}
dns_rdatatype_format(rdata->type, buf, sizeof(buf));
xfrin_log(xfr, ISC_LOG_NOTICE,
"Unexpected %s record in zone transfer", buf);
- result = DNS_R_FORMERR;
- goto failure;
+ CHECK(DNS_R_FORMERR);
}
/*
dns_name_format(name, namebuf, sizeof(namebuf));
xfrin_log(xfr, ISC_LOG_DEBUG(3), "SOA name mismatch: '%s'",
namebuf);
- result = DNS_R_NOTZONETOP;
- goto failure;
+ CHECK(DNS_R_NOTZONETOP);
}
redo:
if (rdata->type != dns_rdatatype_soa) {
xfrin_log(xfr, ISC_LOG_NOTICE,
"non-SOA response to SOA query");
- result = DNS_R_FORMERR;
- goto failure;
+ CHECK(DNS_R_FORMERR);
}
end_serial = dns_soa_getserial(rdata);
atomic_store_relaxed(&xfr->end_serial, end_serial);
"requested serial %u, "
"primary has %" PRIuFAST32 ", not updating",
xfr->ixfr.request_serial, end_serial);
- result = DNS_R_UPTODATE;
- goto failure;
+ CHECK(DNS_R_UPTODATE);
}
atomic_store(&xfr->state, XFRST_GOTSOA);
break;
if (rdata->type != dns_rdatatype_soa) {
xfrin_log(xfr, ISC_LOG_NOTICE,
"first RR in zone transfer must be SOA");
- result = DNS_R_FORMERR;
- goto failure;
+ CHECK(DNS_R_FORMERR);
}
/*
* Remember the serial number in the initial SOA.
"requested serial %u, "
"primary has %" PRIuFAST32 ", not updating",
xfr->ixfr.request_serial, end_serial);
- result = DNS_R_UPTODATE;
- goto failure;
+ CHECK(DNS_R_UPTODATE);
}
xfr->firstsoa = *rdata;
if (xfr->firstsoa_data != NULL) {
"IXFR out of sync: "
"expected serial %u, got %u",
xfr->ixfr.current_serial, soa_serial);
- result = DNS_R_FORMERR;
- goto failure;
+ CHECK(DNS_R_FORMERR);
} else {
CHECK(ixfr_commit(xfr));
atomic_store(&xfr->state, XFRST_IXFR_DELSOA);
if (rdata->type == dns_rdatatype_ns &&
dns_name_iswildcard(name))
{
- result = DNS_R_INVALIDNS;
- goto failure;
+ CHECK(DNS_R_INVALIDNS);
}
CHECK(ixfr_putdata(xfr, DNS_DIFFOP_ADD, name, ttl, rdata));
break;
xfrin_log(xfr, ISC_LOG_NOTICE,
"start and ending SOA records "
"mismatch");
- result = DNS_R_FORMERR;
- goto failure;
+ CHECK(DNS_R_FORMERR);
}
axfr_commit(xfr);
atomic_store(&xfr->state, XFRST_AXFR_END);
break;
case XFRST_AXFR_END:
case XFRST_IXFR_END:
- result = DNS_R_EXTRADATA;
- goto failure;
+ CHECK(DNS_R_EXTRADATA);
+ break;
default:
UNREACHABLE();
}
result = ISC_R_SUCCESS;
-failure:
+cleanup:
return result;
}
dns_dispatchmgr_t *dispmgr = dns_view_getdispatchmgr(xfr->view);
if (dispmgr == NULL) {
- result = ISC_R_SHUTTINGDOWN;
- goto failure;
+ CHECK(ISC_R_SHUTTINGDOWN);
}
primaries_timeout = isc_nm_getprimariestimeout();
&xfr->primaryaddr, xfr->transport,
DNS_DISPATCHOPT_UNSHARED, &xfr->disp);
dns_dispatchmgr_detach(&dispmgr);
- if (result != ISC_R_SUCCESS) {
- goto failure;
- }
+ CHECK(result);
LIBDNS_XFRIN_START(xfr, xfr->info);
return ISC_R_SUCCESS;
-failure:
+cleanup:
xfrin_cancelio(xfr);
dns_xfrin_detach(&xfr);
CHECK(dns_message_rendersection(msg, DNS_SECTION_ADDITIONAL, 0));
CHECK(dns_message_renderend(msg));
result = ISC_R_SUCCESS;
-failure:
+cleanup:
dns_compress_invalidate(&cctx);
return result;
}
if (result != ISC_R_SUCCESS) {
xfrin_fail(xfr, result, "failed to connect");
- goto failure;
+ goto cleanup;
}
result = dns_dispatch_checkperm(xfr->disp);
if (result != ISC_R_SUCCESS) {
xfrin_fail(xfr, result, "connected but unable to transfer");
- goto failure;
+ goto cleanup;
}
zmgr = dns_zone_getmgr(xfr->zone);
return;
-failure:
+cleanup:
switch (result) {
case ISC_R_NETDOWN:
case ISC_R_HOSTDOWN:
xfrin_log(xfr, ISC_LOG_DEBUG(3), "sending %s request, QID %d",
request_type(xfr), xfr->id);
-failure:
+cleanup:
dns_message_detach(&msg);
if (soatuple != NULL) {
dns_difftuple_free(&soatuple);
xfrin_log(xfr, ISC_LOG_DEBUG(3), "sent request data");
-failure:
+cleanup:
if (result != ISC_R_SUCCESS) {
xfrin_fail(xfr, result, "failed sending request data");
}
if (xfr->reqtype == dns_rdatatype_axfr ||
xfr->reqtype == dns_rdatatype_soa)
{
- goto failure;
+ goto cleanup;
}
xfrin_log(xfr, ISC_LOG_DEBUG(3), "got %s, retrying with AXFR",
if (msg->counts[DNS_SECTION_QUESTION] > 1) {
xfrin_log(xfr, ISC_LOG_NOTICE, "too many questions (%u)",
msg->counts[DNS_SECTION_QUESTION]);
- result = DNS_R_FORMERR;
- goto failure;
+ CHECK(DNS_R_FORMERR);
}
if ((atomic_load(&xfr->state) == XFRST_SOAQUERY ||
msg->counts[DNS_SECTION_QUESTION] != 1)
{
xfrin_log(xfr, ISC_LOG_NOTICE, "missing question section");
- result = DNS_R_FORMERR;
- goto failure;
+ CHECK(DNS_R_FORMERR);
}
MSG_SECTION_FOREACH(msg, DNS_SECTION_QUESTION, name) {
if (!dns_name_equal(name, &xfr->name)) {
xfrin_log(xfr, ISC_LOG_NOTICE,
"question name mismatch");
- result = DNS_R_FORMERR;
- goto failure;
+ CHECK(DNS_R_FORMERR);
}
rds = ISC_LIST_HEAD(name->list);
INSIST(rds != NULL);
if (rds->type != xfr->reqtype) {
xfrin_log(xfr, ISC_LOG_NOTICE,
"question type mismatch");
- result = DNS_R_FORMERR;
- goto failure;
+ CHECK(DNS_R_FORMERR);
}
if (rds->rdclass != xfr->rdclass) {
xfrin_log(xfr, ISC_LOG_NOTICE,
"question class mismatch");
- result = DNS_R_FORMERR;
- goto failure;
+ CHECK(DNS_R_FORMERR);
}
}
if (xfr->reqtype == dns_rdatatype_soa &&
(msg->flags & DNS_MESSAGEFLAG_AA) == 0)
{
- result = DNS_R_NOTAUTHORITATIVE;
- goto failure;
+ CHECK(DNS_R_NOTAUTHORITATIVE);
}
result = dns_message_checksig(msg, xfr->view);
if (result != ISC_R_SUCCESS) {
xfrin_log(xfr, ISC_LOG_DEBUG(3), "TSIG check failed: %s",
isc_result_totext(result));
- goto failure;
+ goto cleanup;
}
MSG_SECTION_FOREACH(msg, DNS_SECTION_ANSWER, name) {
atomic_load(&xfr->state) == XFRST_AXFR_END ||
atomic_load(&xfr->state) == XFRST_IXFR_END)
{
- result = DNS_R_EXPECTEDTSIG;
- goto failure;
+ CHECK(DNS_R_EXPECTEDTSIG);
}
}
* Read the next message.
*/
dns_message_detach(&msg);
- result = dns_dispatch_getnext(xfr->dispentry);
- if (result != ISC_R_SUCCESS) {
- goto failure;
- }
+ CHECK(dns_dispatch_getnext(xfr->dispentry));
isc_interval_t interval;
isc_interval_set(&interval, dns_zone_getidlein(xfr->zone), 0);
return;
}
-failure:
+cleanup:
if (result != ISC_R_SUCCESS) {
xfrin_fail(xfr, result, "failed while receiving responses");
}
#define ZONEDB_LOCK(l, t) RWLOCK((l), (t))
#define ZONEDB_UNLOCK(l, t) RWUNLOCK((l), (t))
-#define RETERR(x) \
- do { \
- result = (x); \
- if (result != ISC_R_SUCCESS) \
- goto failure; \
- } while (0)
-
#ifdef ENABLE_AFL
extern bool dns_fuzzing_resolver;
#endif /* ifdef ENABLE_AFL */
* load. */
} dns_zoneloadflag_t;
-#define CHECK(op) \
- do { \
- result = (op); \
- if (result != ISC_R_SUCCESS) \
- goto failure; \
- } while (0)
-
struct dns_zonemgr {
unsigned int magic;
isc_mem_t *mctx;
const char *end = value + strlen(value);
putmem(&b, p, end - p);
-failure:
+cleanup:
isc_buffer_putuint8(&b, 0);
setstring(zone, field, filename);
}
size_t rval;
result = isc_stdio_read(buf, 1, sizeof(buf), input, &rval);
- if (result != ISC_R_SUCCESS && result != ISC_R_EOF) {
- goto failure;
+ if (result != ISC_R_EOF) {
+ CHECK(result);
}
CHECK(isc_stdio_write(buf, rval, 1, output, NULL));
len -= rval;
} while (len > 0);
-failure:
+cleanup:
if (input != NULL) {
isc_stdio_close(input);
}
set_refreshkeytimer(zone, &kd, now, true);
return ISC_R_SUCCESS;
-failure:
+cleanup:
return result;
}
dns_keytable_detach(&sr);
-failure:
+cleanup:
if (sr != NULL) {
dns_keytable_detach(&sr);
}
CHECK(do_one_tuple(&addtuple, db, ver, diff));
result = ISC_R_SUCCESS;
-failure:
+cleanup:
if (addtuple != NULL) {
dns_difftuple_free(&addtuple);
}
dns_zone_log(zone, ISC_LOG_ERROR,
"add_soa:dns_db_newversion -> %s",
isc_result_totext(result));
- goto failure;
+ goto cleanup;
}
/* Build SOA record */
dns_zone_log(zone, ISC_LOG_ERROR,
"add_soa:dns_soa_buildrdata -> %s",
isc_result_totext(result));
- goto failure;
+ goto cleanup;
}
result = update_one_rr(db, ver, &diff, DNS_DIFFOP_ADD, &zone->origin, 0,
&rdata);
-failure:
+cleanup:
dns_diff_clear(&diff);
if (ver != NULL) {
dns_db_closeversion(db, &ver, result == ISC_R_SUCCESS);
dnssec_log(zone, ISC_LOG_ERROR,
"sync_keyzone:dns_db_newversion -> %s",
isc_result_totext(result));
- goto failure;
+ goto cleanup;
}
/*
dns_rriterator_current(&rrit, &rrname, &ttl, &rdataset, NULL);
if (!dns_rdataset_isassociated(rdataset)) {
dns_rriterator_destroy(&rrit);
- goto failure;
+ goto cleanup;
}
if (rdataset->type != dns_rdatatype_keydata) {
commit = true;
}
-failure:
+cleanup:
if (result != ISC_R_SUCCESS) {
dnssec_log(zone, ISC_LOG_ERROR,
"unable to synchronize managed keys: %s",
result = sync_keyzone(zone, db);
UNLOCK_ZONE(zone);
-failure:
+cleanup:
if (db != NULL) {
dns_db_detach(&db);
}
dns_rdataset_disassociate(&rdataset);
}
-failure:
+cleanup:
return result;
}
*nkeys = 0;
memset(keys, 0, sizeof(*keys) * maxkeys);
dns_rdataset_init(&rdataset);
- RETERR(dns_db_findrdataset(db, node, ver, dns_rdatatype_dnskey, 0, 0,
- &rdataset, NULL));
- RETERR(dns_rdataset_first(&rdataset));
+ CHECK(dns_db_findrdataset(db, node, ver, dns_rdatatype_dnskey, 0, 0,
+ &rdataset, NULL));
+ CHECK(dns_rdataset_first(&rdataset));
while (result == ISC_R_SUCCESS && count < maxkeys) {
pubkey = NULL;
dns_rdataset_current(&rdataset, &rdata);
- RETERR(dns_dnssec_keyfromrdata(name, &rdata, mctx, &pubkey));
+ CHECK(dns_dnssec_keyfromrdata(name, &rdata, mctx, &pubkey));
dst_key_setttl(pubkey, rdataset.ttl);
if (!is_zone_key(pubkey)) {
goto next;
}
- if (result != ISC_R_SUCCESS) {
- goto failure;
- }
+ CHECK(result);
/*
* If a key is marked inactive, skip it
result = dns_rdataset_next(&rdataset);
}
if (result != ISC_R_NOMORE) {
- goto failure;
+ CHECK(result);
}
if (count == 0) {
result = ISC_R_NOTFOUND;
result = ISC_R_SUCCESS;
}
-failure:
+cleanup:
if (dns_rdataset_isassociated(&rdataset)) {
dns_rdataset_disassociate(&rdataset);
}
result = ISC_R_SUCCESS;
}
-failure:
+cleanup:
if (node != NULL) {
dns_db_detachnode(&node);
dns_zone_getmctx(zone), keys);
dns_zone_unlock_keyfiles(zone);
- if (result != ISC_R_SUCCESS && result != ISC_R_NOTFOUND) {
- goto failure;
+ if (result != ISC_R_NOTFOUND) {
+ CHECK(result);
}
/* Get public keys (dnskeys). */
}
}
-failure:
+cleanup:
if (dns_rdataset_isassociated(&keyset)) {
dns_rdataset_disassociate(&keyset);
}
if (result == ISC_R_NOTFOUND) {
return ISC_R_SUCCESS;
}
- if (result != ISC_R_SUCCESS) {
- goto failure;
- }
+ CHECK(result);
+
result = dns_db_findrdataset(db, node, ver, dns_rdatatype_rrsig, type,
(isc_stdtime_t)0, &rdataset, NULL);
dns_db_detachnode(&node);
}
if (result != ISC_R_SUCCESS) {
INSIST(!dns_rdataset_isassociated(&rdataset));
- goto failure;
+ goto cleanup;
}
DNS_RDATASET_FOREACH(&rdataset) {
"key expiry warning time out of range");
}
}
-failure:
+cleanup:
if (node != NULL) {
dns_db_detachnode(&node);
}
if (result == ISC_R_NOTFOUND) {
return ISC_R_SUCCESS;
}
- if (result != ISC_R_SUCCESS) {
- goto failure;
- }
+ CHECK(result);
+
result = dns_db_findrdataset(db, node, ver, type, 0, (isc_stdtime_t)0,
&rdataset, NULL);
dns_db_detachnode(&node);
}
if (result != ISC_R_SUCCESS) {
INSIST(!dns_rdataset_isassociated(&rdataset));
- goto failure;
+ goto cleanup;
}
for (i = 0; i < nkeys; i++) {
}
}
-failure:
+cleanup:
if (dns_rdataset_isassociated(&rdataset)) {
dns_rdataset_disassociate(&rdataset);
}
* Zone is frozen. Pause for 5 minutes.
*/
if (zone->update_disabled) {
- result = ISC_R_FAILURE;
- goto failure;
+ CHECK(ISC_R_FAILURE);
}
ZONEDB_LOCK(&zone->dblock, isc_rwlocktype_read);
}
ZONEDB_UNLOCK(&zone->dblock, isc_rwlocktype_read);
if (db == NULL) {
- result = ISC_R_FAILURE;
- goto failure;
+ CHECK(ISC_R_FAILURE);
}
result = dns_db_newversion(db, &version);
dns_zone_log(zone, ISC_LOG_ERROR,
"zone_resigninc:dns_db_newversion -> %s",
isc_result_totext(result));
- goto failure;
+ goto cleanup;
}
now = isc_stdtime_now();
dns_zone_log(zone, ISC_LOG_ERROR,
"zone_resigninc:dns_zone_findkeys -> %s",
isc_result_totext(result));
- goto failure;
+ goto cleanup;
}
calculate_rrsig_validity(zone, now, &inception, &soaexpire, &expire,
}
}
- if (result != ISC_R_NOMORE && result != ISC_R_SUCCESS) {
- goto failure;
+ if (result != ISC_R_NOMORE) {
+ CHECK(result);
}
result = del_sigs(zone, db, version, &zone->origin, dns_rdatatype_soa,
dns_zone_log(zone, ISC_LOG_ERROR,
"zone_resigninc:del_sigs -> %s",
isc_result_totext(result));
- goto failure;
+ goto cleanup;
}
/*
if (zonediff.offline) {
dns_db_closeversion(db, &version, true);
}
- goto failure;
+ goto cleanup;
}
/* Increment SOA serial if we have made changes */
dns_zone_log(zone, ISC_LOG_ERROR,
"zone_resigninc:update_soa_serial -> %s",
isc_result_totext(result));
- goto failure;
+ goto cleanup;
}
/*
dns_zone_log(zone, ISC_LOG_ERROR,
"zone_resigninc:add_sigs -> %s",
isc_result_totext(result));
- goto failure;
+ goto cleanup;
}
/* Write changes to journal file. */
/* Everything has succeeded. Commit the changes. */
dns_db_closeversion(db, &version, true);
-failure:
+cleanup:
dns_diff_clear(&_sig_diff);
for (i = 0; i < nkeys; i++) {
dst_key_free(&zone_keys[i]);
break;
}
} while (1);
-failure:
+cleanup:
if (node != NULL) {
dns_db_detachnode(&node);
}
CHECK(dns_nsec_buildrdata(db, version, node, next, nsecbuffer, &rdata));
CHECK(update_one_rr(db, version, diff, DNS_DIFFOP_ADD, name, ttl,
&rdata));
-failure:
+cleanup:
return result;
}
(*signatures)--;
}
-failure:
+cleanup:
if (dns_rdataset_isassociated(&rdataset)) {
dns_rdataset_disassociate(&rdataset);
}
if (result == ISC_R_NOTFOUND) {
goto success;
}
- if (result != ISC_R_SUCCESS) {
- goto failure;
- }
+ CHECK(result);
}
CHECK(delete_nsec(db, version, node, name, diff));
CHECK(add_nsec(db, version, name, node, nsecttl, false, diff));
success:
result = ISC_R_SUCCESS;
-failure:
+cleanup:
if (node != NULL) {
dns_db_detachnode(&node);
}
bool have_rr = false;
dns_rdataset_init(&rdataset);
- result = dns_db_getoriginnode(signing->db, &node);
- if (result != ISC_R_SUCCESS) {
- goto failure;
- }
+ CHECK(dns_db_getoriginnode(signing->db, &node));
result = dns_db_findrdataset(signing->db, node, version,
zone->privatetype, dns_rdatatype_none, 0,
if (result == ISC_R_NOTFOUND) {
INSIST(!dns_rdataset_isassociated(&rdataset));
result = ISC_R_SUCCESS;
- goto failure;
+ goto cleanup;
}
if (result != ISC_R_SUCCESS) {
INSIST(!dns_rdataset_isassociated(&rdataset));
- goto failure;
+ goto cleanup;
}
DNS_RDATASET_FOREACH(&rdataset) {
diff));
}
-failure:
+cleanup:
if (dns_rdataset_isassociated(&rdataset)) {
dns_rdataset_disassociate(&rdataset);
}
goto try_private;
}
if (result != ISC_R_SUCCESS) {
- goto failure;
+ goto cleanup;
}
/*
if (result == ISC_R_NOTFOUND) {
goto add;
}
- if (result != ISC_R_SUCCESS) {
- goto failure;
- }
+ CHECK(result);
DNS_RDATASET_FOREACH(&rdataset) {
dns_rdata_t private = DNS_RDATA_INIT;
add:
if ((chain->nsec3param.flags & DNS_NSEC3FLAG_REMOVE) != 0) {
result = ISC_R_SUCCESS;
- goto failure;
+ goto cleanup;
}
/*
rdata.data[1] = 0; /* Clear flag bits. */
CHECK(update_one_rr(db, ver, diff, DNS_DIFFOP_ADD, name, ttl, &rdata));
-failure:
+cleanup:
dns_db_detachnode(&node);
if (dns_rdataset_isassociated(&rdataset)) {
dns_rdataset_disassociate(&rdataset);
rdataset.ttl, &rdata));
}
-failure:
+cleanup:
dns_rdataset_disassociate(&rdataset);
return result;
}
rdataset.ttl, &rdata));
}
-failure:
+cleanup:
dns_rdataset_disassociate(&rdataset);
return result;
}
*answer = !active;
-failure:
+cleanup:
if (dns_rdataset_isassociated(&rdataset)) {
dns_rdataset_disassociate(&rdataset);
}
* Updates are disabled. Pause for 5 minutes.
*/
if (zone->update_disabled) {
- result = ISC_R_FAILURE;
- goto failure;
+ CHECK(ISC_R_FAILURE);
}
ZONEDB_LOCK(&zone->dblock, isc_rwlocktype_read);
dnssec_log(zone, ISC_LOG_ERROR,
"zone_nsec3chain:dns_db_newversion -> %s",
isc_result_totext(result));
- goto failure;
+ goto cleanup;
}
now = isc_stdtime_now();
dnssec_log(zone, ISC_LOG_ERROR,
"zone_nsec3chain:dns_zone_findkeys -> %s",
isc_result_totext(result));
- goto failure;
+ goto cleanup;
}
calculate_rrsig_validity(zone, now, &inception, &soaexpire, NULL,
/* Empty node? */
goto next_addnode;
}
- if (result != ISC_R_SUCCESS) {
- goto failure;
- }
+ CHECK(result);
seen_soa = seen_ns = seen_dname = seen_ds = seen_nsec = false;
DNS_RDATASETITER_FOREACH(iterator) {
"zone_nsec3chain:"
"dns_nsec3_addnsec3 -> %s",
isc_result_totext(result));
- goto failure;
+ goto cleanup;
}
/*
"zone_nsec3chain:"
"dns_dbiterator_next -> %s",
isc_result_totext(result));
- goto failure;
+ goto cleanup;
} else if (delegation) {
dns_dbiterator_current(nsec3chain->dbiterator,
&node, nextname);
"zone_nsec3chain:"
"need_nsec_chain -> %s",
isc_result_totext(result));
- goto failure;
+ goto cleanup;
}
}
"zone_nsec3chain:"
"fixup_nsec3param -> %s",
isc_result_totext(result));
- goto failure;
+ goto cleanup;
}
}
"zone_nsec3chain:"
"deletematchingnsec3 -> %s",
isc_result_totext(result));
- goto failure;
+ goto cleanup;
}
goto next_removenode;
}
/* Empty node? */
goto next_removenode;
}
- if (result != ISC_R_SUCCESS) {
- goto failure;
- }
+ CHECK(result);
seen_soa = seen_ns = seen_dname = seen_nsec3 = seen_nsec =
seen_rr = false;
"zone_nsec3chain:"
"fixup_nsec3param -> %s",
isc_result_totext(result));
- goto failure;
+ goto cleanup;
}
goto next_removechain;
} else if (result != ISC_R_SUCCESS) {
"zone_nsec3chain:"
"dns_dbiterator_next -> %s",
isc_result_totext(result));
- goto failure;
+ goto cleanup;
} else if (delegation) {
dns_dbiterator_current(nsec3chain->dbiterator,
&node, nextname);
dnssec_log(zone, ISC_LOG_ERROR,
"zone_nsec3chain:dns_db_allrdatasets -> %s",
isc_result_totext(result));
- goto failure;
+ goto cleanup;
}
DNS_RDATASETITER_FOREACH(iterator) {
dns_rdataset_t rdataset = DNS_RDATASET_INIT;
dnssec_log(zone, ISC_LOG_ERROR,
"zone_nsec3chain:updatesecure -> %s",
isc_result_totext(result));
- goto failure;
+ goto cleanup;
}
}
"zone_nsec3chain:"
"dns_nsec3_addnsec3s -> %s",
isc_result_totext(result));
- goto failure;
+ goto cleanup;
}
}
}
dnssec_log(zone, ISC_LOG_ERROR,
"zone_nsec3chain:dns__zone_updatesigs -> %s",
isc_result_totext(result));
- goto failure;
+ goto cleanup;
}
/*
dnssec_log(zone, ISC_LOG_ERROR,
"zone_nsec3chain:dns__zone_updatesigs -> %s",
isc_result_totext(result));
- goto failure;
+ goto cleanup;
}
if (updatensec) {
dnssec_log(zone, ISC_LOG_ERROR,
"zone_nsec3chain:updatesecure -> %s",
isc_result_totext(result));
- goto failure;
+ goto cleanup;
}
}
dnssec_log(zone, ISC_LOG_ERROR,
"zone_nsec3chain:dns__zone_updatesigs -> %s",
isc_result_totext(result));
- goto failure;
+ goto cleanup;
}
/*
* No need to call dns_db_closeversion() here as it is
* called with commit = true below.
*/
- goto done;
+ goto closeversion;
}
result = del_sigs(zone, db, version, &zone->origin, dns_rdatatype_soa,
dnssec_log(zone, ISC_LOG_ERROR,
"zone_nsec3chain:del_sigs -> %s",
isc_result_totext(result));
- goto failure;
+ goto cleanup;
}
result = update_soa_serial(zone, db, version, zonediff.diff, zone->mctx,
dnssec_log(zone, ISC_LOG_ERROR,
"zone_nsec3chain:update_soa_serial -> %s",
isc_result_totext(result));
- goto failure;
+ goto cleanup;
}
result = add_sigs(db, version, &zone->origin, zone, dns_rdatatype_soa,
dnssec_log(zone, ISC_LOG_ERROR,
"zone_nsec3chain:add_sigs -> %s",
isc_result_totext(result));
- goto failure;
+ goto cleanup;
}
/* Write changes to journal file. */
DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_NEEDNOTIFY);
UNLOCK_ZONE(zone);
-done:
+closeversion:
/*
* Pause all iterators so that dns_db_closeversion() can succeed.
*/
set_resigntime(zone);
UNLOCK_ZONE(zone);
-failure:
+cleanup:
if (result != ISC_R_SUCCESS) {
dnssec_log(zone, ISC_LOG_ERROR, "zone_nsec3chain: %s",
isc_result_totext(result));
* i.e., found in at least one, and not missing from any.
*/
*has_algp = (alg_found && !alg_missed);
-failure:
+cleanup:
if (dns_rdataset_isassociated(&rdataset)) {
dns_rdataset_disassociate(&rdataset);
}
/* Refuse to allow NSEC3 with NSEC-only keys */
if (nseconly && nsec3) {
- goto failure;
+ goto cleanup;
}
return true;
-failure:
+cleanup:
return false;
}
*/
if (zone->update_disabled) {
result = ISC_R_FAILURE;
- goto cleanup;
+ goto done;
}
ZONEDB_LOCK(&zone->dblock, isc_rwlocktype_read);
ZONEDB_UNLOCK(&zone->dblock, isc_rwlocktype_read);
if (db == NULL) {
result = ISC_R_FAILURE;
- goto cleanup;
+ goto done;
}
result = dns_db_newversion(db, &version);
dnssec_log(zone, ISC_LOG_ERROR,
"zone_sign:dns_db_newversion -> %s",
isc_result_totext(result));
- goto cleanup;
+ goto done;
}
now = isc_stdtime_now();
dnssec_log(zone, ISC_LOG_ERROR,
"zone_sign:dns_zone_findkeys -> %s",
isc_result_totext(result));
- goto cleanup;
+ goto done;
}
kasp = zone->kasp;
"updatesecure -> %s",
isc_result_totext(
result));
- goto cleanup;
+ goto done;
}
}
result = updatesignwithkey(
dnssec_log(zone, ISC_LOG_ERROR,
"updatesignwithkey -> %s",
isc_result_totext(result));
- goto cleanup;
+ goto done;
}
build_nsec = false;
goto next_signing;
"zone_sign:"
"dns_dbiterator_next -> %s",
isc_result_totext(result));
- goto cleanup;
+ goto done;
} else if (is_bottom_of_zone) {
dns_dbiterator_current(signing->dbiterator,
&node, nextname);
dnssec_log(zone, ISC_LOG_ERROR,
"zone_sign:dns__zone_updatesigs -> %s",
isc_result_totext(result));
- goto cleanup;
+ goto done;
}
}
if (result != ISC_R_SUCCESS) {
dnssec_log(zone, ISC_LOG_ERROR, "zone_sign:del_sigs -> %s",
isc_result_totext(result));
- goto cleanup;
+ goto done;
}
result = update_soa_serial(zone, db, version, zonediff.diff, zone->mctx,
dnssec_log(zone, ISC_LOG_ERROR,
"zone_sign:update_soa_serial -> %s",
isc_result_totext(result));
- goto cleanup;
+ goto done;
}
/*
if (result != ISC_R_SUCCESS) {
dnssec_log(zone, ISC_LOG_ERROR, "zone_sign:add_sigs -> %s",
isc_result_totext(result));
- goto cleanup;
+ goto done;
}
/*
}
UNLOCK_ZONE(zone);
-failure:
+cleanup:
if (result != ISC_R_SUCCESS) {
dnssec_log(zone, ISC_LOG_ERROR, "zone_sign: failed: %s",
isc_result_totext(result));
}
-cleanup:
+done:
/*
* Pause all dbiterators.
*/
if (result == ISC_R_UNEXPECTEDEND) {
continue;
}
- if (result != ISC_R_SUCCESS) {
- goto failure;
- }
+ CHECK(result);
+
keydata.refresh = refresh_time(fetch, true);
set_refreshkeytimer(zone, &keydata, now, false);
0, &rdata));
}
result = ISC_R_SUCCESS;
-failure:
+cleanup:
return result;
}
result = ISC_R_SUCCESS;
}
-failure:
+cleanup:
if (result != ISC_R_SUCCESS) {
dnssec_log(zone, ISC_LOG_ERROR,
"error during trust anchor processing (%s): "
zone_needdump(zone, 30);
}
-failure:
+cleanup:
if (!timerset) {
isc_time_settoepoch(&zone->refreshkeytime);
}
"policies unloaded");
}
-failure:
+cleanup:
if (db != NULL) {
dns_db_detach(&db);
}
result = ISC_R_SUCCESS;
}
-failure:
+cleanup:
return result;
}
result = dns_journal_open(zone->mctx, zone->journal,
DNS_JOURNAL_READ, &sjournal);
- if (result != ISC_R_SUCCESS && result != ISC_R_NOTFOUND) {
- goto failure;
+ if (result != ISC_R_NOTFOUND) {
+ CHECK(result);
}
if (!dns_journal_get_sourceserial(rjournal, &start)) {
start, end, &soatuple,
&zone->rss_diff);
if (result == DNS_R_UNCHANGED) {
- goto failure;
+ goto cleanup;
} else if (result != ISC_R_SUCCESS) {
CHECK(sync_secure_db(zone, zone->rss_raw, zone->rss_db,
zone->rss_oldver, &soatuple,
* that contents of the raw zone and the secure zone are kept in sync.
*/
if (result != ISC_R_SUCCESS && dns_db_issecure(zone->rss_db)) {
- goto failure;
+ goto cleanup;
}
if (rjournal == NULL) {
newserial, desired);
}
-failure:
+cleanup:
isc_mem_put(zone->mctx, rss, sizeof(*rss));
zone->rss = NULL;
result = ISC_R_SUCCESS;
}
-failure:
+cleanup:
if (node != NULL) {
dns_db_detachnode(&node);
}
LOCK_ZONE(zone);
if (DNS_ZONE_FLAG(zone, DNS_ZONEFLG_EXITING) || !inline_secure(zone)) {
- result = ISC_R_SHUTTINGDOWN;
- goto failure;
+ CHECK(ISC_R_SHUTTINGDOWN);
}
loadtime = isc_time_now();
result = save_nsec3param(zone, &nsec3list);
if (result != ISC_R_SUCCESS) {
ZONEDB_UNLOCK(&zone->dblock, isc_rwlocktype_read);
- goto failure;
+ goto cleanup;
}
}
ZONEDB_UNLOCK(&zone->dblock, isc_rwlocktype_read);
- result = dns_db_create(zone->mctx, zone->db_argv[0], &zone->origin,
- dns_dbtype_zone, zone->rdclass,
- zone->db_argc - 1, zone->db_argv + 1, &db);
- if (result != ISC_R_SUCCESS) {
- goto failure;
- }
+ CHECK(dns_db_create(zone->mctx, zone->db_argv[0], &zone->origin,
+ dns_dbtype_zone, zone->rdclass, zone->db_argc - 1,
+ zone->db_argv + 1, &db));
result = dns_db_setgluecachestats(db, zone->gluecachestats);
- if (result != ISC_R_SUCCESS && result != ISC_R_NOTIMPLEMENTED) {
- goto failure;
- }
-
- result = dns_db_newversion(db, &version);
- if (result != ISC_R_SUCCESS) {
- goto failure;
+ if (result != ISC_R_NOTIMPLEMENTED) {
+ CHECK(result);
}
- result = dns_db_createiterator(rawdb, DNS_DB_NONSEC3, &dbiterator);
- if (result != ISC_R_SUCCESS) {
- goto failure;
- }
+ CHECK(dns_db_newversion(db, &version));
+ CHECK(dns_db_createiterator(rawdb, DNS_DB_NONSEC3, &dbiterator));
DNS_DBITERATOR_FOREACH(dbiterator) {
- result = copy_non_dnssec_records(db, version, rawdb, dbiterator,
- oldserialp);
- if (result != ISC_R_SUCCESS) {
- goto failure;
- }
+ CHECK(copy_non_dnssec_records(db, version, rawdb, dbiterator,
+ oldserialp));
}
dns_dbiterator_destroy(&dbiterator);
* the old nsec3 parameters and insert them into db
*/
if (!ISC_LIST_EMPTY(nsec3list)) {
- result = restore_nsec3param(zone, db, version, &nsec3list);
- if (result != ISC_R_SUCCESS) {
- goto failure;
- }
+ CHECK(restore_nsec3param(zone, db, version, &nsec3list));
}
dns_db_closeversion(db, &version, true);
*/
process_zone_setnsec3param(zone);
-failure:
+cleanup:
UNLOCK_ZONE(zone);
if (dbiterator != NULL) {
dns_dbiterator_destroy(&dbiterator);
if (result == ISC_R_NOTFOUND) {
*flag = false;
result = ISC_R_SUCCESS;
- goto failure;
+ goto cleanup;
}
bool matched = false;
dns_rdataset_disassociate(&rdataset);
*flag = matched;
-failure:
+cleanup:
if (node != NULL) {
dns_db_detachnode(&node);
}
}
}
-failure:
+cleanup:
/*
* Put the DNSKEY changes we cared about back on diff->tuples.
*/
* signature and if not cause them to sign so that newly activated
* keys are used.
*/
- result = tickle_apex_rrset(dns_rdatatype_dnskey, zone, db, ver, now,
- diff, zonediff, zone_keys, nkeys, inception,
- keyexpire);
- if (result != ISC_R_SUCCESS) {
- goto failure;
- }
- result = tickle_apex_rrset(dns_rdatatype_cds, zone, db, ver, now, diff,
- zonediff, zone_keys, nkeys, inception,
- keyexpire);
- if (result != ISC_R_SUCCESS) {
- goto failure;
- }
- result = tickle_apex_rrset(dns_rdatatype_cdnskey, zone, db, ver, now,
- diff, zonediff, zone_keys, nkeys, inception,
- keyexpire);
- if (result != ISC_R_SUCCESS) {
- goto failure;
- }
+ CHECK(tickle_apex_rrset(dns_rdatatype_dnskey, zone, db, ver, now, diff,
+ zonediff, zone_keys, nkeys, inception,
+ keyexpire));
+ CHECK(tickle_apex_rrset(dns_rdatatype_cds, zone, db, ver, now, diff,
+ zonediff, zone_keys, nkeys, inception,
+ keyexpire));
+ CHECK(tickle_apex_rrset(dns_rdatatype_cdnskey, zone, db, ver, now, diff,
+ zonediff, zone_keys, nkeys, inception,
+ keyexpire));
result = dns__zone_updatesigs(diff, db, ver, zone_keys, nkeys, zone,
inception, soaexpire, keyexpire, now,
zonediff);
-
if (result != ISC_R_SUCCESS) {
dnssec_log(zone, ISC_LOG_ERROR,
"sign_apex:dns__zone_updatesigs -> %s",
isc_result_totext(result));
- goto failure;
}
-failure:
+cleanup:
for (i = 0; i < nkeys; i++) {
dst_key_free(&zone_keys[i]);
}
dns_rdataset_disassociate(&rdataset);
}
if (result != ISC_R_NOTFOUND) {
- goto failure;
+ goto cleanup;
}
result = dns_nsec3param_deletechains(db, ver, zone, true, diff);
-failure:
+cleanup:
if (node != NULL) {
dns_db_detachnode(&node);
}
}
CHECK(updatesecure(db, ver, origin, zone_nsecttl(zone), true, diff));
-failure:
+cleanup:
return result;
}
dns_zone_log(zone, ISC_LOG_NOTICE,
"checkds: bad DS response from %s: %.*s", addrbuf,
(int)buf.used, rcode);
- goto failure;
+ goto cleanup;
}
/* Make sure that either AA or RA bit is set. */
"checkds: bad DS response from %s: expected AA or "
"RA bit set",
addrbuf);
- goto failure;
+ goto cleanup;
}
/* Lookup DS RRset. */
dns_zone_rekey(zone, false, false);
}
-failure:
+cleanup:
if (result != ISC_R_SUCCESS) {
dns_zone_log(zone, ISC_LOG_DEBUG(3),
"checkds: DS request failed: %s",
dns_zone_unlock_keyfiles(zone);
- if (result != ISC_R_SUCCESS) {
- goto failure;
- }
+ CHECK(result);
} else if (result != ISC_R_NOTFOUND) {
- goto failure;
+ goto cleanup;
}
/* Get the current CDS rdataset */
dnssec_log(zone, ISC_LOG_DEBUG(1),
"zone_rekey:dns_skr_lookup failed: "
"no SKR available");
- result = DNS_R_NOSKRFILE;
- goto failure;
+ CHECK(DNS_R_NOSKRFILE);
}
bundle = dns_skr_lookup(zone->skr, now, sigval);
zone->skrbundle = bundle;
"no available SKR bundle for time "
"%.*s (%s)",
(int)r.length, r.base, nowstr);
- result = DNS_R_NOSKRBUNDLE;
- goto failure;
+ CHECK(DNS_R_NOSKRBUNDLE);
}
zone_apply_skrbundle(zone, bundle, &keyset, &cdsset,
"zone_rekey:zone_verifykeys failed: "
"some key files are missing");
KASP_UNLOCK(kasp);
- goto failure;
+ goto cleanup;
}
/*
"failed: %s",
isc_result_totext(result));
KASP_UNLOCK(kasp);
- goto failure;
+ goto cleanup;
}
}
} else if (offlineksk) {
dnssec_log(zone, ISC_LOG_ERROR,
"zone_rekey:couldn't update zone keys: %s",
isc_result_totext(result));
- goto failure;
+ goto cleanup;
}
if (offlineksk) {
dnssec_log(zone, ISC_LOG_ERROR,
"zone_rekey:couldn't update CDS/CDNSKEY: %s",
isc_result_totext(result));
- goto failure;
+ goto cleanup;
}
if (cdsdel || cdnskeydel) {
"zone_rekey:couldn't update CDS/CDNSKEY "
"DELETE records: %s",
isc_result_totext(result));
- goto failure;
+ goto cleanup;
}
post_sync:
result = ISC_R_SUCCESS;
-failure:
+cleanup:
LOCK_ZONE(zone);
if (result != ISC_R_SUCCESS) {
/*
dns_dnsseckeylist_t *keys, isc_stdtime_t now,
bool verbose, char *out, size_t out_len) {
isc_buffer_t buf;
- isc_result_t result = ISC_R_SUCCESS;
isc_time_t refreshkeytime;
isc_stdtime_t refresh;
char timestr[26];
bool checkds = zone->checkdstype != dns_checkdstype_no;
LOCK(&kasp->lock);
- result = dns_keymgr_status(kasp, keys, &buf, now, verbose, checkds);
+ RETERR(dns_keymgr_status(kasp, keys, &buf, now, verbose, checkds));
UNLOCK(&kasp->lock);
-failure:
- return result;
+ return ISC_R_SUCCESS;
}
isc_result_t
result = dns_db_findrdataset(db, node, version, dns_rdatatype_cds,
dns_rdatatype_none, 0, &cds, NULL);
- if (result != ISC_R_SUCCESS && result != ISC_R_NOTFOUND) {
- goto failure;
+ if (result != ISC_R_NOTFOUND) {
+ CHECK(result);
}
result = dns_db_findrdataset(db, node, version, dns_rdatatype_cdnskey,
dns_rdatatype_none, 0, &cdnskey, NULL);
- if (result != ISC_R_SUCCESS && result != ISC_R_NOTFOUND) {
- goto failure;
+ if (result != ISC_R_NOTFOUND) {
+ CHECK(result);
}
if (!dns_rdataset_isassociated(&cds) &&
!dns_rdataset_isassociated(&cdnskey))
{
result = ISC_R_SUCCESS;
- goto failure;
+ goto cleanup;
}
result = dns_db_findrdataset(db, node, version, dns_rdatatype_dnskey,
dns_rdatatype_none, 0, &dnskey, NULL);
if (result == ISC_R_NOTFOUND) {
empty = true;
- } else if (result != ISC_R_SUCCESS) {
- goto failure;
+ } else {
+ CHECK(result);
}
/*
}
if (empty) {
- result = DNS_R_BADCDS;
- goto failure;
+ CHECK(DNS_R_BADCDS);
}
CHECK(dns_rdata_tostruct(&crdata, &structcds, NULL));
&rdata);
if (result != ISC_R_SUCCESS) {
result = DNS_R_BADCDS;
- goto failure;
+ goto cleanup;
}
CHECK(dns_rdata_tostruct(&rdata, &structdnskey,
NULL));
for (i = 0; i < sizeof(algorithms); i++) {
if (delete) {
if (algorithms[i] != notexpected) {
- result = DNS_R_BADCDS;
- goto failure;
+ CHECK(DNS_R_BADCDS);
}
} else if (algorithms[i] == expected) {
- result = DNS_R_BADCDS;
- goto failure;
+ CHECK(DNS_R_BADCDS);
}
}
}
}
if (empty) {
- result = DNS_R_BADCDNSKEY;
- goto failure;
+ CHECK(DNS_R_BADCDNSKEY);
}
CHECK(dns_rdata_tostruct(&crdata, &structcdnskey,
for (i = 0; i < sizeof(algorithms); i++) {
if (delete) {
if (algorithms[i] != notexpected) {
- result = DNS_R_BADCDNSKEY;
- goto failure;
+ CHECK(DNS_R_BADCDNSKEY);
}
} else if (algorithms[i] == expected) {
- result = DNS_R_BADCDNSKEY;
- goto failure;
+ CHECK(DNS_R_BADCDNSKEY);
}
}
}
result = ISC_R_SUCCESS;
-failure:
+cleanup:
if (dns_rdataset_isassociated(&cds)) {
dns_rdataset_disassociate(&cds);
}
}
ZONEDB_UNLOCK(&zone->dblock, isc_rwlocktype_read);
if (db == NULL) {
- goto failure;
+ goto cleanup;
}
dns_db_currentversion(db, &oldver);
dnssec_log(zone, ISC_LOG_ERROR,
"keydone:dns_db_newversion -> %s",
isc_result_totext(result));
- goto failure;
+ goto cleanup;
}
- result = dns_db_getoriginnode(db, &node);
- if (result != ISC_R_SUCCESS) {
- goto failure;
- }
+ CHECK(dns_db_getoriginnode(db, &node));
result = dns_db_findrdataset(db, node, newver, zone->privatetype,
dns_rdatatype_none, 0, &rdataset, NULL);
- if (result == ISC_R_NOTFOUND) {
- INSIST(!dns_rdataset_isassociated(&rdataset));
- goto failure;
- }
if (result != ISC_R_SUCCESS) {
INSIST(!dns_rdataset_isassociated(&rdataset));
- goto failure;
+ goto cleanup;
}
DNS_RDATASET_FOREACH(&rdataset) {
UNLOCK_ZONE(zone);
}
-failure:
+cleanup:
if (dns_rdataset_isassociated(&rdataset)) {
dns_rdataset_disassociate(&rdataset);
}
isc_async_run(zone->loop, keydone, kd);
kd = NULL;
-failure:
+cleanup:
if (kd != NULL) {
isc_mem_put(zone->mctx, kd, sizeof(*kd));
}
}
ZONEDB_UNLOCK(&zone->dblock, isc_rwlocktype_read);
if (db == NULL) {
- goto failure;
+ goto cleanup;
}
dns_db_currentversion(db, &oldver);
dnssec_log(zone, ISC_LOG_ERROR,
"setnsec3param:dns_db_newversion -> %s",
isc_result_totext(result));
- goto failure;
+ goto cleanup;
}
CHECK(dns_db_getoriginnode(db, &node));
if (result == ISC_R_SUCCESS) {
/*
* Success because the NSEC3PARAM already exists, but
- * function returns void, so goto failure to clean up.
+ * function returns void, so goto cleanup.
*/
- goto failure;
+ goto cleanup;
}
if (result != DNS_R_NSEC3RESALT && result != ISC_R_NOTFOUND) {
dnssec_log(zone, ISC_LOG_DEBUG(3),
"setnsec3param:lookup nsec3param -> %s",
isc_result_totext(result));
- goto failure;
+ goto cleanup;
}
INSIST(param.salt != NULL);
}
} else if (result != ISC_R_NOTFOUND) {
INSIST(!dns_rdataset_isassociated(&prdataset));
- goto failure;
+ goto cleanup;
}
/*
}
} else if (result != ISC_R_NOTFOUND) {
INSIST(!dns_rdataset_isassociated(&nrdataset));
- goto failure;
+ goto cleanup;
}
/*
UNLOCK_ZONE(zone);
}
-failure:
+cleanup:
if (dns_rdataset_isassociated(&prdataset)) {
dns_rdataset_disassociate(&prdataset);
}
param->salt = lookup->salt;
}
- if (result != ISC_R_NOTFOUND && result != ISC_R_SUCCESS) {
- goto failure;
+ if (result != ISC_R_NOTFOUND) {
+ CHECK(result);
}
if (param->salt_length == 0) {
INSIST(result != ISC_R_SUCCESS);
}
-failure:
+cleanup:
if (dns_rdataset_isassociated(&rdataset)) {
dns_rdataset_disassociate(&rdataset);
}
result = ISC_R_SUCCESS;
-failure:
+cleanup:
UNLOCK_ZONE(zone);
return result;
}
}
ZONEDB_UNLOCK(&zone->dblock, isc_rwlocktype_read);
if (db == NULL) {
- goto failure;
+ goto cleanup;
}
dns_db_currentversion(db, &oldver);
dns_zone_log(zone, ISC_LOG_ERROR,
"setserial:dns_db_newversion -> %s",
isc_result_totext(result));
- goto failure;
+ goto cleanup;
}
CHECK(dns_db_createsoatuple(db, oldver, diff.mctx, DNS_DIFFOP_DEL,
desired, oldserial + 1,
oldserial + 0x7fffffff);
}
- goto failure;
+ goto cleanup;
}
dns_soa_setserial(desired, &newtuple->rdata);
zone_needdump(zone, 30);
UNLOCK_ZONE(zone);
-failure:
+cleanup:
if (oldtuple != NULL) {
dns_difftuple_free(&oldtuple);
}
if (!inline_secure(zone)) {
if (!dns_zone_isdynamic(zone, true)) {
- result = DNS_R_NOTDYNAMIC;
- goto failure;
+ CHECK(DNS_R_NOTDYNAMIC);
}
}
if (zone->update_disabled) {
- result = DNS_R_FROZEN;
- goto failure;
+ CHECK(DNS_R_FROZEN);
}
sse = isc_mem_get(zone->mctx, sizeof(*sse));
zone_iattach(zone, &sse->zone);
isc_async_run(zone->loop, setserial, sse);
-failure:
+cleanup:
UNLOCK_ZONE(zone);
return result;
}
if (zone->view != NULL) {
result = dns_view_getsecroots(zone->view, &secroots);
- if (result != ISC_R_SUCCESS) {
- goto done;
- }
+ CHECK(result);
}
origin = dns_db_origin(db);
result = dns_zoneverify_dnssec(zone, db, version, origin, secroots,
zone->mctx, true, false, dnssec_report);
-done:
+cleanup:
if (secroots != NULL) {
dns_keytable_detach(&secroots);
}
dns_zone_setskr(zone, skr);
dnssec_log(zone, ISC_LOG_DEBUG(1), "imported skr file %s", file);
-failure:
+cleanup:
dns_skr_detach(&skr);
return result;
#include <isc/string.h>
#include <isc/util.h>
-#define RETERR(x) \
- do { \
- isc_result_t _r = (x); \
- if (_r != ISC_R_SUCCESS) \
- return ((_r)); \
- } while (0)
-
/*@{*/
/*!
* These static functions are also present in lib/dns/rdata.c. I'm not
#include <isc/string.h>
#include <isc/util.h>
-#define RETERR(x) \
- do { \
- isc_result_t _r = (x); \
- if (_r != ISC_R_SUCCESS) \
- return ((_r)); \
- } while (0)
-
/*@{*/
/*!
* These static functions are also present in lib/dns/rdata.c. I'm not
#undef U
#undef L
-#define RETERR(x) \
- do { \
- isc_result_t _r = (x); \
- if (_r != ISC_R_SUCCESS) \
- return ((_r)); \
- } while (0)
-
/*
* BEW: These static functions are copied from lib/dns/rdata.c.
*/
#include <zlib.h>
#endif /* ifdef HAVE_ZLIB */
-#define CHECK(m) \
- do { \
- result = (m); \
- if (result != ISC_R_SUCCESS) { \
- goto cleanup; \
- } \
- } while (0)
-
/*
* Size the recv buffer to hold at maximum two full buffers from isc_nm_read(),
* so we don't have to handle the truncation.
#endif /* UNIT_TESTING */
+/*
+ * Check for ISC_R_SUCCESS. On any other result, jump to a cleanup
+ * label. (This macro requires the function to define `result`
+ * and `cleanup:`.)
+ */
+#define CHECK(r) \
+ { \
+ result = (r); \
+ if (result != ISC_R_SUCCESS) { \
+ goto cleanup; \
+ } \
+ }
+
+/*
+ * Unconditionally jump to the cleanup tag with 'result' set to 'r'.
+ */
+#define CLEANUP(r) \
+ { \
+ result = (r); \
+ goto cleanup; \
+ }
+
+/*
+ * Check for ISC_R_SUCCESS and continue if found. For any other
+ * result, return the result.
+ */
+#define RETERR(x) \
+ { \
+ isc_result_t _r = (x); \
+ if (_r != ISC_R_SUCCESS) { \
+ return ((_r)); \
+ } \
+ }
+
/*%
* Runtime check which logs the error value returned by a POSIX Threads
* function and the error string that corresponds to it
#define TOKEN_STRING(pctx) (pctx->token.value.as_textregion.base)
-/*% Check a return value. */
-#define CHECK(op) \
- { \
- result = (op); \
- if (result != ISC_R_SUCCESS) { \
- goto cleanup; \
- } \
- }
-
/*% Clean up a configuration object if non-NULL. */
#define CLEANUP_OBJ(obj) \
{ \
#define TOKEN_STRING(pctx) (pctx->token.value.as_textregion.base)
#define TOKEN_REGION(pctx) (pctx->token.value.as_textregion)
-/* Check a return value. */
-#define CHECK(op) \
- do { \
- result = (op); \
- if (result != ISC_R_SUCCESS) \
- goto cleanup; \
- } while (0)
-
/* cfg_obj_t magic number */
#define CFGOBJ_MAGIC ISC_MAGIC('c', 'f', 'g', 'o')
#define VALID_CFGOBJ(obj) ISC_MAGIC_VALID(obj, CFGOBJ_MAGIC)
isc_result_t
cfg_parse_listelt(cfg_parser_t *pctx, cfg_obj_t *list,
const cfg_type_t *elttype, cfg_listelt_t **ret) {
- isc_result_t result;
cfg_listelt_t *elt = NULL;
cfg_obj_t *value = NULL;
REQUIRE(elttype != NULL);
REQUIRE(ret != NULL && *ret == NULL);
- result = cfg_parse_obj(pctx, elttype, &value);
- if (result != ISC_R_SUCCESS) {
- return result;
- }
+ RETERR(cfg_parse_obj(pctx, elttype, &value));
create_listelt(list, &elt);
elt->obj = value;
#include <ns/hooks.h>
#include <ns/query.h>
-#define CHECK(op) \
- do { \
- result = (op); \
- if (result != ISC_R_SUCCESS) { \
- goto cleanup; \
- } \
- } while (0)
-
struct ns_plugin {
isc_mem_t *mctx;
uv_lib_t handle;
isc_result_t
ns_plugin_expandpath(const char *src, char *dst, size_t dstsize) {
- isc_result_t result;
+ isc_result_t result = ISC_R_SUCCESS;
- result = plugin_expandpath(src, dst, dstsize, false);
- if (result != ISC_R_SUCCESS) {
- return result;
- }
+ RETERR(plugin_expandpath(src, dst, dstsize, false));
if (isc_file_exists(dst) == false) {
result = plugin_expandpath(src, dst, dstsize, true);
*/
#define LOGLEVEL_DEBUG ISC_LOG_DEBUG(8)
-/*%
- * Check an operation for failure. These macros all assume that
- * the function using them has a 'result' variable and a 'failure'
- * label.
- */
-#define CHECK(op) \
- do { \
- result = (op); \
- if (result != ISC_R_SUCCESS) \
- goto failure; \
- } while (0)
-
-/*%
- * Fail unconditionally with result 'code', which must not
- * be ISC_R_SUCCESS. The reason for failure presumably has
- * been logged already.
- *
- * The test against ISC_R_SUCCESS is there to keep the Solaris compiler
- * from complaining about "end-of-loop code not reached".
- */
-
-#define FAIL(code) \
- do { \
- result = (code); \
- if (result != ISC_R_SUCCESS) \
- goto failure; \
- } while (0)
-
/*%
* Fail unconditionally and log as a client error.
* The test against ISC_R_SUCCESS is there to keep the Solaris compiler
"update %s: %s (%s)", _what, msg, \
isc_result_totext(result)); \
if (result != ISC_R_SUCCESS) \
- goto failure; \
+ goto cleanup; \
} while (0)
#define PREREQFAILC(code, msg) \
do { \
msg, isc_result_totext(result)); \
} \
if (result != ISC_R_SUCCESS) \
- goto failure; \
+ goto cleanup; \
} while (0)
#define PREREQFAILN(code, name, msg) \
do { \
_tbuf, msg, isc_result_totext(result)); \
} \
if (result != ISC_R_SUCCESS) \
- goto failure; \
+ goto cleanup; \
} while (0)
#define PREREQFAILNT(code, name, type, msg) \
do { \
update_log(client, zone, LOGLEVEL_PROTOCOL, "error: %s: %s", \
msg, isc_result_totext(result)); \
if (result != ISC_R_SUCCESS) \
- goto failure; \
+ goto cleanup; \
} while (0)
/*
}
return ISC_R_SUCCESS;
-failure:
+cleanup:
dns_diff_clear(diff);
return result;
}
temp_append(&d_rrs, name, &rdata);
}
- result = dns_diff_sort(&d_rrs, temp_order);
- if (result != ISC_R_SUCCESS) {
- goto failure;
- }
+ CHECK(dns_diff_sort(&d_rrs, temp_order));
/*
* Collect all update RRs for this name and type
}
/* Compare the two sorted lists. */
- result = temp_check_rrset(ISC_LIST_HEAD(u_rrs.tuples),
- ISC_LIST_HEAD(d_rrs.tuples));
- if (result != ISC_R_SUCCESS) {
- goto failure;
- }
+ CHECK(temp_check_rrset(ISC_LIST_HEAD(u_rrs.tuples),
+ ISC_LIST_HEAD(d_rrs.tuples)));
/*
* We are done with the tuples, but we can't free
continue;
- failure:
+ cleanup:
dns_diff_clear(&d_rrs);
dns_diff_clear(&u_rrs);
dns_diff_clear(&trash);
CHECK(do_one_tuple(&addtuple, db, ver, diff));
result = ISC_R_SUCCESS;
-failure:
+cleanup:
if (addtuple != NULL) {
dns_difftuple_free(&addtuple);
}
}
result = dns_zone_checknames(zone, name, &rdata);
if (result != ISC_R_SUCCESS) {
- FAIL(DNS_R_REFUSED);
+ CHECK(DNS_R_REFUSED);
}
if ((options & DNS_ZONEOPT_CHECKSVCB) != 0 &&
rdata.type == dns_rdatatype_svcb)
update_log(client, zone, ISC_LOG_WARNING,
"update RR has incorrect class %d",
update_class);
- FAIL(DNS_R_FORMERR);
+ CHECK(DNS_R_FORMERR);
}
/*
isc_async_run(dns_zone_getloop(zone), update_action, uev);
maxbytype = NULL;
-failure:
+cleanup:
if (db != NULL) {
dns_db_closeversion(db, &ver, false);
dns_db_detach(&db);
* We can now fail due to a bad signature as we now know
* that we are the primary.
*/
- if (sigresult != ISC_R_SUCCESS) {
- FAIL(sigresult);
- }
+ CHECK(sigresult);
dns_message_clonebuffer(client->message);
CHECK(send_update(client, zone));
break;
}
return;
-failure:
+cleanup:
if (result == DNS_R_REFUSED) {
inc_stats(client, zone, ns_statscounter_updaterej);
}
}
result = ISC_R_SUCCESS;
-failure:
+cleanup:
ISC_LIST_FOREACH(temp_diff.tuples, tuple, link) {
ISC_LIST_UNLINK(temp_diff.tuples, tuple, link);
dns_diff_appendminimal(diff, &tuple);
if (result == ISC_R_NOTFOUND) {
*flag = false;
result = ISC_R_SUCCESS;
- goto failure;
+ goto cleanup;
} else {
CHECK(result);
}
if (result == ISC_R_NOTFOUND) {
*flag = false;
result = ISC_R_SUCCESS;
- goto failure;
+ goto cleanup;
}
bool matched = false;
dns_rdataset_disassociate(&rdataset);
*flag = matched;
-failure:
+cleanup:
if (node != NULL) {
dns_db_detachnode(&node);
}
if (result == ISC_R_NOTFOUND) {
goto try_private;
}
- if (result != ISC_R_SUCCESS) {
- goto failure;
- }
+ CHECK(result);
DNS_RDATASET_FOREACH(&rdataset) {
dns_rdata_t rdata = DNS_RDATA_INIT;
if (result == ISC_R_NOTFOUND) {
goto success;
}
- if (result != ISC_R_SUCCESS) {
- goto failure;
- }
+ CHECK(result);
DNS_RDATASET_FOREACH(&rdataset) {
unsigned char buf[DNS_NSEC3PARAM_BUFFERSIZE];
*iterationsp = iterations;
result = ISC_R_SUCCESS;
-failure:
+cleanup:
if (node != NULL) {
dns_db_detachnode(&node);
}
if (!dns_zone_check_dnskey_nsec3(zone, db, ver, diff, NULL, 0)) {
update_log(client, zone, ISC_LOG_ERROR,
"NSEC only DNSKEYs and NSEC3 chains not allowed");
- result = DNS_R_REFUSED;
- goto failure;
+ CHECK(DNS_R_REFUSED);
}
/* Verify NSEC3 params */
if (iterations > dns_nsec3_maxiterations()) {
update_log(client, zone, ISC_LOG_ERROR,
"too many NSEC3 iterations (%u)", iterations);
- result = DNS_R_REFUSED;
- goto failure;
+ CHECK(DNS_R_REFUSED);
}
-failure:
+cleanup:
return result;
}
}
result = ISC_R_SUCCESS;
-failure:
+cleanup:
dns_diff_clear(&temp_diff);
return result;
}
}
result = ISC_R_SUCCESS;
-failure:
+cleanup:
dns_diff_clear(&temp_diff);
return result;
}
if (result != ISC_R_SUCCESS) {
dns_diff_clear(&ctx.del_diff);
dns_diff_clear(&ctx.add_diff);
- goto failure;
+ goto cleanup;
}
result = update_one_rr(
db, ver, &diff, DNS_DIFFOP_ADD,
"failed: %s",
isc_result_totext(
result));
- goto failure;
+ goto cleanup;
}
}
}
* that are in use (under our control).
*/
if (dns_rdatatype_iskeymaterial(rdata.type)) {
- isc_result_t r;
bool inuse = false;
- r = dns_zone_dnskey_inuse(zone, &rdata,
- &inuse);
- if (r != ISC_R_SUCCESS) {
- FAIL(r);
- }
+ CHECK(dns_zone_dnskey_inuse(
+ zone, &rdata, &inuse));
if (inuse) {
char typebuf
[DNS_RDATATYPE_FORMATSIZE];
update_log(client, zone, LOGLEVEL_PROTOCOL,
"update rejected: post update name server "
"sanity check failed");
- result = DNS_R_REFUSED;
- goto failure;
+ CHECK(DNS_R_REFUSED);
}
}
if (!ISC_LIST_EMPTY(diff.tuples) && is_signing) {
update_log(client, zone, LOGLEVEL_PROTOCOL,
"update rejected: bad %s RRset",
result == DNS_R_BADCDS ? "CDS" : "CDNSKEY");
- result = DNS_R_REFUSED;
- goto failure;
- }
- if (result != ISC_R_SUCCESS) {
- goto failure;
+ CHECK(DNS_R_REFUSED);
}
+ CHECK(result);
}
/*
update_log(client, zone, ISC_LOG_ERROR,
"RRSIG/NSEC/NSEC3 update failed: %s",
isc_result_totext(result));
- goto failure;
+ goto cleanup;
}
}
"records in zone (%" PRIu64
") exceeds max-records (%u)",
records, maxrecords);
- result = DNS_R_TOOMANYRECORDS;
- goto failure;
+ CHECK(DNS_R_TOOMANYRECORDS);
}
}
result = ISC_R_SUCCESS;
goto common;
-failure:
+cleanup:
/*
* The reason for failure should have been logged at this point.
*/
"bad zone transfer request: %s (%s)", msg, \
isc_result_totext(code)); \
if (result != ISC_R_SUCCESS) \
- goto failure; \
+ goto cleanup; \
} while (0)
#define FAILQ(code, msg, question, rdclass) \
"bad zone transfer request: '%s/%s': %s (%s)", \
_buf1, _buf2, msg, isc_result_totext(code)); \
if (result != ISC_R_SUCCESS) \
- goto failure; \
- } while (0)
-
-#define CHECK(op) \
- do { \
- result = (op); \
- if (result != ISC_R_SUCCESS) \
- goto failure; \
+ goto cleanup; \
} while (0)
/**************************************************************************/
*sp = (rrstream_t *)s;
return ISC_R_SUCCESS;
-failure:
+cleanup:
ixfr_rrstream_destroy((rrstream_t **)(void *)&s);
return result;
}
*sp = (rrstream_t *)s;
return ISC_R_SUCCESS;
-failure:
+cleanup:
axfr_rrstream_destroy((rrstream_t **)(void *)&s);
return result;
}
*sp = (rrstream_t *)s;
return ISC_R_SUCCESS;
-failure:
+cleanup:
soa_rrstream_destroy((rrstream_t **)(void *)&s);
return result;
}
ISC_LOG_ERROR,
"zone transfer '%s/%s' denied",
_buf1, _buf2);
- goto failure;
+ goto cleanup;
}
if (result != ISC_R_SUCCESS) {
FAILQ(DNS_R_NOTAUTH, "non-authoritative zone",
result = ISC_R_SUCCESS;
-failure:
+cleanup:
if (result == DNS_R_REFUSED) {
inc_stats(client, zone, ns_statscounter_xfrrej);
}
xfr->txmemlen = len;
/*
- * These MUST be after the last "goto failure;" / CHECK to
+ * These MUST be after the last "goto cleanup;" / CHECK to
* prevent a double free by the caller.
*/
xfr->stream = stream;
"(%d bytes)",
size);
/* XXX DNS_R_RRTOOLARGE? */
- result = ISC_R_NOSPACE;
- goto failure;
+ CHECK(ISC_R_NOSPACE);
}
break;
}
/* Advance lasttsig to be the last TSIG generated */
CHECK(dns_message_getquerytsig(msg, xfr->mctx, &xfr->lasttsig));
-failure:
+cleanup:
if (tcpmsg != NULL) {
dns_message_detach(&tcpmsg);
}
testname,
};
-#define CHECK(count, result) \
+#define CHECKN(count, result) \
do { \
if (result != ISC_R_SUCCESS) { \
dns_name_t *name = &item[count].fixed.name; \
isc_time_t t0 = isc_time_now_hires();
for (size_t n = arg->start; n < arg->end; n++) {
isc_result_t result = add_lfht(arg->map, n);
- CHECK(n, result);
+ CHECKN(n, result);
}
isc_time_t t1 = isc_time_now_hires();
for (size_t n = arg->start; n < arg->end; n++) {
void *pval = NULL;
isc_result_t result = get_lfht(arg->map, n, &pval);
- CHECK(n, result);
+ CHECKN(n, result);
assert(pval == &item[n]);
}
WRLOCK(&rwl);
for (size_t n = arg->start; n < arg->end; n++) {
isc_result_t result = add_hashmap(arg->map, n);
- CHECK(n, result);
+ CHECKN(n, result);
}
WRUNLOCK(&rwl);
for (size_t n = arg->start; n < arg->end; n++) {
void *pval = NULL;
isc_result_t result = get_hashmap(arg->map, n, &pval);
- CHECK(n, result);
+ CHECKN(n, result);
assert(pval == &item[n]);
}
RDUNLOCK(&rwl);
WRLOCK(&rwl);
for (size_t n = arg->start; n < arg->end; n++) {
isc_result_t result = add_ht(arg->map, n);
- CHECK(n, result);
+ CHECKN(n, result);
}
WRUNLOCK(&rwl);
for (size_t n = arg->start; n < arg->end; n++) {
void *pval = NULL;
isc_result_t result = get_ht(arg->map, n, &pval);
- CHECK(n, result);
+ CHECKN(n, result);
assert(pval == &item[n]);
}
RDUNLOCK(&rwl);
isc_time_t t0 = isc_time_now_hires();
for (size_t n = arg->start; n < arg->end; n++) {
isc_result_t result = add_qp(qp, n);
- CHECK(n, result);
+ CHECKN(n, result);
}
if (sqz) {
sqz_qp(qp);
for (size_t n = arg->start; n < arg->end; n++) {
void *pval = NULL;
isc_result_t result = get_qp(&qpr, n, &pval);
- CHECK(n, result);
+ CHECKN(n, result);
assert(pval == &item[n]);
}
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wshadow"
-#undef CHECK
#include "qpcache.c"
#pragma GCC diagnostic pop
-#undef CHECK
#include <tests/dns.h>
/* Set to true (or use -v option) for verbose output */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wshadow"
-#undef CHECK
#include "qpzone.c"
#pragma GCC diagnostic pop
-#undef CHECK
#include <tests/dns.h>
const char *ownercase_vectors[12][2] = {
#define TEST_ORIGIN "test"
-#define CHECK(r) \
- { \
- result = (r); \
- if (result != ISC_R_SUCCESS) { \
- goto cleanup; \
- } \
- }
-
static isc_result_t
add_mac(dst_context_t *tsigctx, isc_buffer_t *buf) {
dns_rdata_any_tsig_t tsig;
*/
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wshadow"
-#undef CHECK
#include "update.c"
#pragma GCC diagnostic pop
-#undef CHECK
#include <tests/dns.h>
static int
projects / thirdparty / bind9.git / commitdiff
